Monday, November 11, 2013

How to keep NSA out of your company’s data

(Editor's note: In this guest post, Yorgen Edholm, CEO of file sharing company Accellion, discusses security exposures that come with use of the public cloud.)

Who's in the driver's seat on your cloud strategy? Bob from marketing? Lisa from sales? It sounds ludicrous, but it's an unfortunate reality.

Today there are a lot of employees back-seat driving cloud corporate strategies by subscribing to public cloud solutions without IT's knowledge.

This means that proprietary corporate documents – such as confidential design specs, sales numbers, and business strategies – are being shared and stored without proper security controls.

The recent NSA PRISM revelations demonstrated just how little control public cloud providers have over government access to hosted data, which has reinvigorated an important conversation about the security merits of private versus public cloud strategies.

For me, the debate boils down to one word: control. How much control do you want over your data? There's no one-size-fits-all approach to cloud computing – what's right for one organization might not be right for others.

It depends on the type of information you're managing and how confidential it is; your organization's security policies and whether or not you need to monitor and report on where information is going; and whether or not you're governed under industry regulations like HIPAA that dictate where and how you store information.

With a private cloud strategy, you call the shots. You get an infrastructure that's operated just for you and you set the terms of service, as well as decide where the data lives. You know that your organization's information is only being accessed by authorized users.

While a private cloud may not stop the NSA from demanding access to your information, at least with a private cloud deployment you would know that it's occurring.

It's that peace of mind that's missing from public cloud solutions. With the public cloud there's no gua! rantee that you retain exclusive access to data that's rightfully yours. It's unclear exactly where your information is being housed, and who can view it

And as a result you could be exposing your organization to potential data leaks and costly compliance violations.

So are you ready to take back the wheel on your cloud strategy? My advice: let security, compliance and control lead the way. And follow the road that keeps your data right where it belongs – in a private cloud under the control of your organization.

No comments:

Post a Comment