Getting started with cloud compliance

April 18, 2012

Cloud compliance issues arise as soon as you make use of cloud storage or backup services. By moving data from your internal storage to someone else’s you are forced to examine closely how the data will be kept so that you remain compliant with laws and industry regulations.

It’s a common misunderstanding that regulatory compliance requirements preclude many organizations being able to leverage outsourced, managed cloud services. Depending on the cloud services provider you choose, you may not only be able to meet your existing compliance concerns, but the cloud provider is likely to have controls and processes that improve your compliance program.

The main questions in regard to compliance:

Virtually every regulation requires organizations to adequately protect their physical and informational assets. To do this, there is an implied and assumed ability to control and prove:

  • What information is stored on the system?
  • Where is the information stored?
  • Who can access the system?
  • Is the access appropriate?

All of these questions imply some level of ownership of the assets in question, and that is where cloud compliance issues become apparent. In the public cloud environment, you are able to answer the first of those questions with certainty; the other four, however, end up posing a compliance problem.

In a typical corporate data center or a co-location center, everyone knows where the disk and physical server reside, and that fact can be proven during an audit. Even a shared service provider can typically tell you which physical systems you are utilizing and identify the data location for audit purposes.

As far as the “who” is accessing your data, you can control that inside your organization, but you also have to take into account that your provider’s staff can access your systems as well. The main people you need to be concerned about in this regard are the administrators, both systems and application. That said, regardless of who will have access to your application and storage data offsite, the data should be encrypted before it leaves the boundaries of your organization.

Finally, the question of “why” they need that access. This is basic as it relates to security: access should be based on job role, and a clear description of the level of access needed should be provided.

Working with a reputable managed service provider may be an excellent way to leverage expertise and processes you may not otherwise have in-house, and to mitigate some risk by assigning responsibility to a third party you can hold accountable to protect your data. The cloud is rapidly becoming the data protection platform of choice for highly regulated industries because more organizations are leveraging the expertise of these pure information-centric service providers.


Adding a cloud tier as part of your business continuity and disaster recovery plans

March 20, 2012

Cloud Backup and Recovery plays a significant role in data protection strategies, but there are slight nuances to its use in these situations. In each case, a copy of data is stored in a cloud container and can be retrieved to facilitate recovery.

  • Backup Software-as-a-Service is when a service provider offers an online backup application and cloud-based storage for the backup process. Backup SaaS can leverage the Public and Private Clouds as well as take a Hybrid approach, by combining both on-premises and off-premises storage. The solutions provided by Asigra service providers fall under this category.
  • Cloud Storage Services provide a third-party, cloud-based tier of storage for on-premises backup and archive solutions. On-premises, licensed backup products integrate with cloud storage providers’ APIs to enable the transfer of data into the cloud tier. This tier includes lower-end solutions like Dropbox, Box.net, EMC Mozy, Carbonite, Acronis, JungleDisk, etc.
  • Cloud-based Disaster Recovery combines both cloud computing and cloud storage services to enable failover to a cloud-based instance of an on-premises server.

Using the cloud as a tier

The “Cloud” can provide an additional tier of storage, working well to complement data backup as a replacement for tape. The “Cloud” is unlimited in size and, by employing a Managed Services Provider, can eliminate the resources required to acquire, install, configure, maintain and provision on-premises backup storage. This also provides a key component in Disaster Recovery planning and operation – the backing up of data to an off-site location.

You may be thinking about leveraging the cloud in your business – and you’re not alone. Your primary concern is probably security, access and control once data leaves the boundaries of your company’s firewall. It’s important to look for service providers who can provide you with FIPS 140-2 Encryption certification and SAS 70 or ISO 27001 accredited data centers. You’ll also need assurances that you can easily retrieve and move your data if necessary – all of which should be outlined and detailed in the Service Level Agreements.

The greatest thing about implementing Cloud Backup for your business is you will likely see an improvement in recovery time objective when recovering individual files and small data sets because they can be located and sent back directly over the network. This alone beats Tape backup hands down.

At C24 we are experts in cloud-based backup and recovery solutions. For more information please visit www.c24.co.uk

 


Is your data secure in the cloud?

November 25, 2011

One of the main concerns from end users about cloud storage is its security. “I am legally obliged to keep my data inside the country’s boundaries; where would you store it?” “How do I know it’s safe?” “How do I know I’m the only one that can access it?” These are all questions that cloud computing vendors and resellers have been striving to answer, and reassure their customers about since this service delivery model was first introduced.

However, today there are a variety of ways in which cloud solutions providers, i.e. vendors, resellers and Managed Service Providers (MSPs), can near-guarantee data security, and among the most sophisticated of these is encryption. This is a simple yet effective process that will put many customers’ minds at rest, and is therefore a powerful tool for the channel.

Before data leaves the end user’s datacentre it is encrypted at the source, and it stays encrypted while it is transmitted to the cloud, where it also remains encrypted. Essentially, the data is encrypted both in flight and at rest to ensure it remains secure. Therefore, anyone trying to intercept this data while it is being transferred would only capture encrypted files; access to confidential content is hence not possible.

In order to access data in its un-encrypted form, it needs to be unlocked and the only key resides with the customer, ensuring that the stored version of the data is as safe and secure in the MSP’s datacentre as if it was in-house. Depending on the required level of security, keys can have between eight and 32 digits. So far, so secure.

Safeguards can be applied at various levels to ensure the security of customers’ data from cradle to grave, including encryption key escrow management capability. This allows for an additional security provision to be put in place should a customer lose or forget their encryption key. Measures of security (or lack thereof) will often be a deal breaker, so any reseller or cloud service provider looking for that extra element of differentiation should certainly look into having as many of these security measures as possible in their portfolios. Amongst the most important factors is to ensure that the underlying technology vendor has certification of the encryption elements in its products from a third party, such as a governmental body. It is not enough that a vendor claims their product is secure and that it incorporates some form of cryptology. The real question is whether anyone has actually verified that the encryption was implemented properly so it cannot be defeated. This is the comfort level that a recognised third-party certification provides.

In the cloud data centre itself, the security of the data is protected even from datacentre operations staff due to its encrypted format. Cloud operations personnel do not have unauthorised access to the decryption key, meaning that customers should feel safe in the knowledge that their data is visible only to them. Building a level of trust such as this is “key” (excuse the pun) when establishing channel relationships, as trusted resellers are the ones to whom happy customers will return, and will be recommended to others.

It is details such as this that give good relationships the advantage; in order to provide the best possible service it is necessary to understand the technology being utilised and leverage it to each customer’s advantage. Thus, fears about the security of data in the cloud should be greatly reduced. Customers who feel happy with the level of security, support and flexibility provided are the ones with whom relationships will flourish.


The Storage Problem You Can’t Ignore?

July 6, 2011

It’s not news that storage is swamping IT budgets. Our 2011 InformationWeek Analytics State of Storage Survey shows the amount of actively managed storage expanding at around 20% per year. In our practice, we work with a few companies dealing with growth levels in excess of 50%. At this rate, most data centers double storage capacity requirements every two to three years. And as employees start using multiple mobile devices and consumer applications for work, that estimate could be conservative.

In our first InformationWeek Analytics Public Cloud Storage Survey, fielded in April, 59% of respondents using, planning to adopt, or assessing public cloud storage services called out email as the application most responsible for storage growth, followed by increasing demand from new or planned applications (58%). Seventy-six percent said they’re somewhat or very concerned about storage costs, and most CIOs we speak with insist they’re actively seeking to reduce those expenditures while still keeping data available. So you can imagine our surprise that, when asked exactly what they’re spending per gigabyte, nearly half our survey respondents said they have no clue. They have data retention policies, but enforcement is all over the map. When we asked about strategies that could lower storage costs, we got a virtual yawn: Just 10% plan to use external storage services within the next two years. Only half are taking advantage of storage virtualization. Sixty-one percent either make do with the management tools provided by their storage vendors (53%) or don’t actively manage storage resources at all (8%).

To view full article visit: http://eddblogonline.blogspot.com/2011/06/storage-problem-you-cant-ignore.html

Thanks to ediscovery news as well.

If you need to address your storage issues, C24 are experts at on-premises and cloud-based storage and are currently helping countless organisations address this ever-growing problem. For more information visit www.c24.co.uk

