Three key cloud data security considerations have been detailed to enable proactive control of data security.
As IT processes move to the cloud, Axway has issued proactive cloud security guidelines to encourage companies to become cloud ready. These were: revisiting cloud security expectations, leveraging on-premise ‘command and control' and considering ‘private cloud' models.
It said that organisations must have the same expectations for data security in the cloud as for on-premise data security and should expect vendors to work with them to meet these expectations. It also claimed that as cloud providers often overlook internal data security, rather than focusing merely on perimeter and data centre security, many cloud vendors only provide vague assurances of data centre perimeter security, but offer no guarantees on who can access sensitive customer data.
Also as multi-tenant cloud applications can be inexpensive but do not assure the segregation of data, or the visibility required for corporate governance and regulatory compliance, Axway said that private, single tenant applications in the cloud can still offer many of the advantages of cloud computing, while limiting the security risk.
Taher Elgamal, chief security officer at Axway, said: “Enterprises have spent years establishing effective internal security, but the rapid shift to cloud-based applications raises many challenges.
“Axway is leading the industry's thinking on extending on-premise data security controls to the cloud, enabling enterprises to rest easier as their business interaction networks move to take advantage of cloud computing's advantages.”
Last week the Cloud Industry Forum (CIF) voiced concern that UK businesses are confused about cloud computing. In a survey, it found that 24 per cent of IT decision-makers failed to adequately define cloud computing, while 25 per cent of respondents believed that cloud computing does not offer a secure environment for the types of applications they require.
Andy Burton, chairman of the CIF and CEO of Fasthosts, said: “Businesses need to trust and know exactly what technology and provider they are investing in. The absence of a clear definition of who you are dealing with, and how they operate, results in an inevitable lack of trust which is why firms are failing to take up the cloud.”