Protecting company data is the biggest concern that Indian CIOs have when using an external supplier to provide cloud services as 29% plan to use the public cloud this year and 35% private cloud, according to Techtarget research.
Of the 300 responses, protecting company data ranked as the number one concern. The second biggest concern is reliability with SLA enforcement and migration of workloads to the cloud posing the third and fourth biggest concerns.
Data presiding in the cloud introduces new security challenges to CIOs. Indian companies are behind in cloud adoption because
Cloud Service Provider (CSP) data centers are located outside India and there is a perception of insecurity.
More on cloud
Turning over control of the security of their IT infrastructure and data is an uncomfortable situation for any senior corporate manager, but cloud computing is hard to ignore because it provides cost benefits, elasticity and always-on features.
Keith Prabhu, founder of the Cloud Security Alliance, Mumbai Chapter, told searchsecurity.in in July that The key security issues inhibiting the adoption of cloud in India are due to the geographical location of CSP data centers. “Because none of the major and reputed CSPs have their data centers in India, companies find it difficult to take the decision to put their data on the cloud, which may come under scrutiny of US and EU laws.”
Brian Lowans, principal research director at research firm Gartner, said: “Data security risks are compounded by the use of SaaS solutions where suppliers and/or CSPs have access to enterprise data, encryption keys or tokens. It is critically important to assess the risks and apply mitigations (where reasonable) to satisfy an acceptable requirements while not losing the desired functionality.
Cryptographic techniques, such as encryption and tokenisation, have been developed to help with compliance and data residency issues. But many of these solutions are immature and some have unproven security architectures.”
He said the main options and there pitfalls are:
- On-premises file/database cryptography — these solutions protect the data on site before storing in the cloud and used for backup and file-sharing. These are low-risk solutions where the keys/tokens are applied and stored on-premises.
- Cloud gateways — typically these solutions use physical or virtual appliances on-premises and provide proxy integration with SaaS applications such as salesforce.com. Sensitive fields can be encrypted or tokenised. Check that any trade-offs between security and SaaS functionality are acceptable.
- Cloud-based cryptography systems require the availability and management of encryption keys or tokens in a public or private cloud environment. Different solutions are emerging that operate in the public cloud (VMware and hypervisors), while other solutions are emerging in private clouds as managed security services.