Cloud computing is evolving at a rapid pace. Today, there’s a range of choices for moving applications and data to cloud that includes various deployment models from public and private to hybrid cloud service types. Organizations are seeking ways to utilize multiple clouds as part of a broader digital strategy. With a multicloud approach, companies can avoid vendor lock-in and take advantage of the best-of-breed technologies, such as artificial intelligence (AI) and blockchain.
And, the business benefits are clear: improved flexibility and agility, lower costs and faster time to market.
According to an IBM Institute for Business Value survey of 1,106 business and technology executives, 85% of organizations are already operating multicloud environments, and 98% plan to use multiple hybrid clouds by 2021. However, only 41% have a multicloud management strategy in place.
When it comes to choosing cloud solutions, there are many options available. It’s important to understand the differences between the types of cloud deployment and cloud service models and understand how the sensitive data within these environments can be protected.
Understanding Cloud Service Models
Over the past decade, cloud computing has matured in several ways and has become a tool for digital transformation worldwide. Generally, clouds take one of four cloud service models: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) and database as a service (DBaaS).
- IaaS allows organizations to maintain their existing physical software, middleware platforms and business applications on the infrastructure provided and managed by the service provider. Organizations benefit from this approach when they want to quickly take advantage of the cloud while minimizing impact and using existing investments.
- PaaS allows companies to use the infrastructure and middleware or software, provided and managed by the service provider. This flexibility removes a significant burden on a company from an information technology (IT) perspective and allows it to focus on developing innovative business applications.
- SaaS is a service model that outsources all IT and allows organizations to focus more on their core strengths instead of spending time and investment on technology. It offers SaaS to the end users. In this cloud service model, a service provider hosts applications and makes them available to organizations.
- DBaaS solutions are hosted and fully managed database environments by a cloud provider. For example, a firm might subscribe to Amazon RDS for MySQL or Microsoft Azure SQL Database.
With each step, from IaaS to PaaS to SaaS to DBaaS, organizations give up some level of control over the systems that store, manage, distribute and protect their sensitive data. This increase in trust placed in third parties also presents an increase in risk to data security.
Cloud deployments work on a shared responsibility model between the cloud provider and the consumer. In the case of an IaaS model, the cloud consumer has room to implement data security measures much like what they would normally deploy on premises and exercise tighter controls. For SaaS services, cloud consumers have to rely on the visibility provided by the cloud provider which, in essence, limits their ability to exercise more granular controls.
It’s important to note that regardless of the chosen architecture, it’s ultimately your organization’s responsibility to ensure appropriate data security measures are in place across environments. To learn more about how to adapt your data security, data privacy and compliance practices to the hybrid multicloud, read the “Overcoming Data Security Challenges In a Hybrid Multicloud.”
Keeping Your Sensitive Data Safe Everywhere
Organizations must adopt a consistent and unified approach to hybrid, multicloud data security given the evolving threat landscape. Consider the following questions:
- What data is staying on premises?
- What data is moving to the cloud?
- How can data access be monitored?
- What types of vulnerabilities should be considered?
- How can we demonstrate compliance with data security and regulatory requirements?
With these questions answered you’ll have a better understanding of the current and future state of your data environment. As a result, you can start to apply in-context data access controls that accommodate the different data types and their location. Controls should include flexible access policies, data encryption, tokenization, as well as data masking, blocking and redaction etc. Having a wide range of data protection options not only allows you to apply the appropriate levels of protection to address your specific data security and compliance needs, but it also helps ensure that your controls are not adding unnecessary friction for users who are authorized to access that data.
Today, organizations must think beyond just complying with industry regulations such as Health Insurance Portability and Accountability Act, Payment Card Industry and Sarbanes-Oxley. The realities of cloud-based storage and computing mean your sensitive data across hybrid multicloud systems could be subject to privacy regulations.
If your data is in a public cloud, you must be aware of how the service provider plans to protect your sensitive data. For example, according to the European Union (EU) General Data Protection Regulation, information that reveals a person’s racial or ethnic origin is considered sensitive and could be subject to specific processing conditions. These requirements even apply to companies located in other regions of the world that hold and access the personal data of EU residents.
It’s important to understand that whatever your deployment model or cloud service type, data security must be a priority. What’s of great concern is your sensitive data now sits in many places, both within your company’s walls and outside of them. And, your data security, data privacy and compliance controls need to go wherever your data goes.
To learn more about how to adapt your data security, data privacy and compliance practices to the hybrid multicloud world, read the ebook, “Overcoming Data Security Challenges in a Hybrid, Multicloud World.”
Download the Ebook
Sr. Technical Product Marketing Manager, Guardium Data Security
Rob has over two decades of experience in the IT industry, including 5 years at IDC as Research Director for Enterprise Systems and Service Management Softwa...