Closing the Cloud Security Gap

Michael Vizard

One of the biggest concerns customers have when it comes to software-as-a-service applications in particular and cloud computing in general is storing sensitive data in the cloud.


But what if IT organizations could allow users to access SaaS applications without having to store sensitive data in the cloud? That's the premise behind a Privacy, Residency and Security (PRS) data governance appliance from PerspecSys.


A new survey conducted by The Ponemon Institute shows that IT organizations are struggling with security associated with cloud computing. But PerspecSys CTO Terry Woloszyn says the real issue is finding a way to take advantage of SaaS applications in the cloud without being required to store all your data in those applications.



Instead, Woloszyn says the PRS data governance appliance allows IT organizations to label data as sensitive within a SaaS application. That data is then stored locally on the PRS appliance, rather than transferred to the SaaS application. From a user perspective, however, the data in the cloud and the PRS appliance is presented together seamlessly every time the application is accessed.


At the moment, the PRC server works with SaaS applications from Salesforce.com. But Woloszyn says the company will shortly add support for a range of SaaS applications and cloud computing platforms as the company develops a plug-in for each environment.


With IT organizations trying to find the middle ground between the lower costs and flexibility of cloud computing on the one hand, and security and data governance on the other, PerspecSys may be one of those rare examples of a company being in the right place at just the right time.



Add Comment      Leave a comment on this blog post
Jun 1, 2010 3:23 AM apple apple  says:

Enterprise search is one of the main part on SharePoin for organizations to increase productivity and reduce information overload by providing their employees, partners, and customers the ability to find relevant content in a wide range of repositories and formats.For more information, you can visit http://www.nsynergy.com/Products/SharePoint/Pages/Enterprise_Search.aspx or mail to info@nsynergy.com.

Reply
Jun 9, 2010 7:26 AM CloudNinja CloudNinja  says:

For these scenarios - a hybrid solution where the sensitive data is kept in-house on the "Private Cloud" while putting the rest of the application on a "Public Cloud" can avoid security concerns.

Another angle by John Mullinax on the topic is: "Companies trust their data to external environments all the time.  They generally do not trust ALL their data to these environments, for good reasons.  But they generally do trust SOME of their data.  It's a good dialogue to have - what data is ok in the cloud? -- but as cloud computing is maturing, we also need to have a more nuanced conversation about trust and the cloud.  The question of when will everything move to the cloud has largely been answered... it's not likely going to happen.

The Cloud represents a new generation of computing paradigm, but like the platform paradigms that have come before (mainframe, mini computer, PC, client-server, web - all of which are still around) we should not expect the cloud to replace everything that came before it.

The question to ask is what data would make sense in the cloud?  Or even better, what parts of my technology and data portfolio should live in the cloud? 

It's a good discussion topic, and there's no one right answer for everyone.  Since Windows Azure has been purposefully designed interoperate/span across on-premise boundaries, there are many options on the continuum between cloud and on-premise. 

BTW, with highly automated service provisioning and data center operations, ISO 27001 certification, SAS70 certification, etc... the Microsoft data centers that run Windows Azure are probably "safer" and more reliable than many other environments.    More than safety and reliability, what you give up to some degree is loss of direct control. "

IMHO, when considering security, 2 items need to be addressed:

1) Physical security of the hardware 2) Security of the Data - here are some resources I've found that discuss this and act as guidelines when considering security and the cloud:

Physical security:

http://www.globalfoundationservices.com/security/index.html

http://www.globalfoundationservices.com/security/documents/SecuringtheMSCloudMay09.pdf

Data Security:

http://www.research.microsoft.com/en-us/projects/cryptocloud/

http://www.research.microsoft.com/en-us/projects/secpal/

thoughts?

hope that helps

-cn

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.