Is the hybrid cloud a hybrid threat?

Opinion by Gary Sumner

Radical changes in the way business stores its data are looming, with massive implications for data security.

New Forrester research shows that 66 per cent of businesses are moving their desktops, servers and data into the relatively uncharted territory of the hybrid cloud. Recent events have made it clear that moving sensitive data into the cloud is not a silver bullet and will require a new awareness of the threats that need to be addressed before implementing a cloud storage strategy.

When a disgruntled employee recently succeeded in wiping out an entire season of a major US TV show, we saw how outsourcing sensitive data can render a business vulnerable to the security models of the service provider, while Amazon's notorious data-loss incident illustrated the inherent risks associated with keeping masses of vital information in a single repository.

With Microsoft's recent warning to the EU that the Patriot Act now renders its citizens' personal data vulnerable to seizure, we saw the potentially troubling implications of moving data outside national jurisdictions.

At its best, the public cloud is the epicentre of personal empowerment and the globalised information age; a vast, instantly accessible, global pay-as-you-go pool of corporate consciousness, which can be shrunk or expanded, accessed or updated on demand from any location.

With information set to become 'the oil of the 21st century' and mobile multi-national workforces spreading endpoints far and wide, it is clear that there can be no return to the days of fixed-endpoint data repositories.

Businesses now want to adopt a 'pick and mix' approach, utilising the complementary benefits of different cloud models. The cost-saving benefits of the shared cloud-space, in terms of cheaper apps and limitless scaleable storage space, can be combined with the legal benefits of local clouds and the security benefits of private clouds, enveloping sensitive data in an on-site cocoon.

The hybrid enables cloud models to be moulded to the needs of differing industries and businesses, from companies trading information that require instant data recovery to ensure business continuity in the event of a disaster, to regulated industries that require some information to be stored within their own premises, and businesses requiring data space that can be rapidly scaled up or down in sync with fluctuating demand.

With private clouds increasingly being adopted in tandem with public-cloud models, virtual-machine sales were already outstripping sales of physical servers by 2009. A Microtrend 2011 survey found many businesses were using all three cloud models almost equally.

The next generation of hybrid clouds and the rapidly multiplying array of user endpoints are spawning a deadly new generation of security threats. The expanding cluster of mobile devices and cloud models is leading to an increasing fragmentation of corporate data across multiple clouds and devices with different types of data protection, placing corporate data at the mercy of vastly different security models.

A third (33 per cent) of businesses already support mobile operating systems, and many businesses already make corporate information available through tablets, yet 66 per cent of businesses polled by the Ponemon Institute had recorded mobile device losses in the past year alone.

The modern ecosystem of mobile devices interconnected with multiple cloud models creates an interdependency between cloud providers, businesses and end-users with alarming implications. Imagine a scenario where an employee using mobile device support could have both the corporate data and personal data stored on their phone accessed by anyone who hacked into the cloud provider.

Conversely, if the employee later misplaced their tablet, it could provide root-level access to sensitive business data stored in private or public clouds and available through easy-to-use apps. Also, employers are at risk of prosecution if they wipe personal data stored on employees' tablets when attempting to remove corporate data.

With 40 per cent of businesses planning to manage hybrid clouds through in-house teams, the implementation of data-security policies across different cloud models, devices and tiers of data could become an admin nightmare for corporate IT staff.

Businesses need solutions which can safeguard fragmented corporate data across multiple devices and clouds in line with corporate policy. Yet companies are currently adopting only patchwork solutions, which fail to take into account the abundant array of security threats.

Datacastle's RED software automates the process of integrating all business data-security policies through a central policy framework, by combining remote deletion, remote port-locking, automatic encryption, device trace, automatic backup and data restore through a single agent, tailored to the policy needs of the organisation and designed for a hybrid-cloud model.

A unified cloud-computing infrastructure will only help business get the best out of cloud technology if it can be protected under the umbrella of a unified security framework.

Gary Sumner is CTO and founder of Datacastle

