Protect your data with a cloudy mixture

Where should it live?

3 Big data security analytics techniques

Many organisations today are facing the challenge of fast-changing operating conditions. At the same time, they are ever more dependent on the data and information they hold. How can they best store and protect corporate data? Is cloud the right answer or only part of it?

Securing and protecting data has been a major issue for businesses ever since computing took hold. More than 20 years ago, the rapid spread of personal computers exacerbated the situation, forcing organisations to seek ways to protect information held across many machines. PCs were under the control of their users rather than subject to central IT management.

Laptops presented a new challenge, namely how to secure and protect data that might be mobile and disconnected from the corporate network.

The fact that laptops are easy to lose has added a further complication, as has the advent of the myriad smartphones and tablets now being used to access company systems and store yet more data locally.

Location, location

Overlaid on these practical challenges is the regulatory and legislative pressure being put on organisations to ensure sensitive data is properly protected. Meanwhile, users expect instantaneous access to business information from wherever they are working, creating a need to make data universally available.

Centralised lock down, while attractive to IT people, is therefore not an acceptable way forward for most users.

There are many products designed to protect data in the backup, recovery and data storage arena. The selection of this kind of software depends on the precise requirements of the organisation, its infrastructure and the skills and experience it has available.

Product selection is beyond the scope of this article but we will focus on whether developments in the cloud arena can help.

Good old personal preference can also be a factor

When thinking about the potential role of the cloud, the options are based on where primary data and secondary (for example replicated or backed-up) copies of data may be held.

The decision boils down to three choices: in-house, in the cloud (in other words hosted), or a combination of both, the so-called hybrid option.

As ever, the approach chosen will depend on the requirements for speed of access, data volumes and various risk-related factors. Good old personal preference can also be a factor, though one that is seldom acknowledged openly.

Know your data

Experience indicates that when trying to reach decisions on the appropriate approach to data management, security and protection, many organisations fall at the first hurdle because they don’t have a handle on their data.

They don’t know exactly which data exists, where it is held (including copies), its importance to the business and who precisely it is valuable to.

This is a particularly problem when it comes to laptops, home PCs and the expanding array of smartphones and personal tablets being used in business. Tackling this lack of visibility is a crucial first step in making informed decisions on data management.

Once you understand your data, you can base decisions on the organisation’s requirements and constraints, bearing in mind that what is suitable for one application or dataset may not be for others.

Where in the world?

An important consideration when thinking about cloud providers is whether the location of data is subject to any regulatory, legislative or governance-related restrictions, especially where storage of sensitive material is involved, such as customer data, employee information, financial records or intellectual property.

This is not just about whether the data lives on or off-site, but where a service provider will be storing it geographically on your behalf.

The next step is to address the practical issues. One is to identify latency-sensitive classes of data, where speed of access (response time to the user) is critical.

Unless you have extremely fast and reliable communications with your service provider, the primary location of such data is likely to be at your own facilities. This does not, however, rule out storing a replicated or backed-up copy of the data in the cloud for the purposes of disaster recovery or perhaps collaboration.

For primary datasets residing in-house for regulatory or compliance reasons, or simply for comfort, storing secondary copies in the cloud for backup or disaster recovery may be a useful option but will necessitate additional measures such as encryption.

Where latency or data sensitivity are not an issue, other datasets can be kept in-house or moved to an external service provider or the cloud. Naturally, when looking at providers the usual quality-of-service assessments and due diligence investigations applied to other suppliers must be carried out.

Only the best

Using the cloud or external service providers for storing secondary copies of data for protection or disaster recovery can offer significant advantages for organisations that operate out of a single location.

Such solutions may also prove attractive for storing primary copies of data to be shared by many users inside or outside the organisation.

Equally, cloud storage could also be used by those wishing to access data from many different devices, avoiding the need to manually move information between systems. It is important to consider the synchronisation of data between the devices, as we expect requirements in this area to grow quickly.

The main thing is to keep an open mind and consider the options in context. For all but a minority of highly sensitive, not to say paranoid, organisations, a hybrid approach to data storage is likely to offer the best balance between cost, flexibility and risk management if decisions are made on a case-by-case basis. The aim is to have the best of both worlds. ®

Tony Lock is programme director at Freeform Dynamics

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.