Data security in the cloud?
Perhaps the biggest obstacle to cloud adoption is perceptions of data being insecure. Where is it? Who has access to it? What guarantees do I have it is not being leaked? What compliance obligations am I bound to? Does my provider comply themselves? And a host of other questions continue to stoke CIO and IT department apprehension. ARN asked four vendors and two resellers how to persuade clients that their data will be secure in the cloud. Here are their responses:“Security of customer data in the cloud is exactly the same as security in the datacentre and for hosting, so the same rules apply, like segregation, encryption and access control.” - Cisco datacentre practice manager, Dylan Morison
“The most important thing a partner can do is speak to their existing customers and ask them exactly what they need and what their security requirements are – otherwise they are just guessing.
“Firstly, partners should ensure they are building and utilising cloud services and architectures from tried and trusted vendors. Secondly, they should consider the specific needs of the customer and industry they are targeting – are there industry standards that can be applied, where is the data residing, what are the capabilities of the firm managing the infrastructure.”
- VMware partner director, Fred King
“Ask customers how they are securing their data now. Often, it is a very rudimentary ‘under the desk’ type of scenario, with little or no disaster recovery plan in place to secure their data. Cloud computing is especially beneficial for small and medium customers, enabling them to much better manage their data in the cloud than they would be able to do themselves. Customers should undertake risk assessments before making a decision on where to put their data. If it’s highly sensitive, then it might make sense to keep it on-premise. If it the information is less sensitive, it could be better managed in the cloud.”
- Microsoft developer and platform strategy director, Gianpaolo Carraro
“Channel partners should persuade clients to start off small and scale up rather than trying to implement the broadest service first. Also, a strong reference program is a big asset. If clients want concessions in the negotiation phase, sign them up as reference customers. It’s much better to have other customers saying how happy they have been if channel partners are trying to persuade potential clients.” - Novell technical specialist, Paul Kangro
“Mozy provides a useful and informative document in this regard. We simply pass this on to potential clients who raise the question. When it comes to issues of security and privacy, it makes absolutely no sense for us to gloss or enhance the 'facts', however we will happily answer any questions [usually related to terminology] should they ask.”
- OzeMozy director, David Dixon
"Convincing clients that there data is safe is largely perception. The key issue is talking about datacentre certification such as SAS70." - Devnet managing director, Craig Deveson
