Cloud computing is gaining in the tech world, and the reason is simple: cloud environments give businesses the agility, flexibility, reduction in costs, and portability they need to compete in today’s markets. But there are a few key questions businesses should answer before they jump into the cloud. Specifically, they need to ask how they’re going to comply with security standards and protect customer and company data.
Luckily, VMware recently sat down with Allen Shortnacy, Partner Architect at VMware, and Phil Hochmuth, Program Manager of Security Products at IDC, to discuss the challenges facing security and compliance in cloud environments. During the webinar, we asked participating audience members about their experiences with security and compliance on the cloud. Here’s what we found:
The Problems of Rouge Clouds and Cloud Sprawl
Rouge clouds — the use of external cloud services by individuals and business units without IT approval — are an obvious compliance and security violation, but it’s shockingly common. IDC reports up to nearly 70% of enterprises have reported rouge cloud violations.
So why does it happen? The answer lies with traditional IT structure and methodologies — ones which business units and individual workers find prohibitively sluggish and obtrusive. This also means that company data is spread across multiple services and providers, making it virtually impossible to track and manage sensitive data. Fortunately, Hochmuth believes that trend will change as more enterprises shift to a cloud environment.
Concerns on Moving to The Cloud
For a better understanding of what to expect when moving to the cloud, users need to understand what qualifies as a data breach, and what qualifies as a compliancy violation. It’s not as straight forward as you’d think: a data breach, Hochmuth states, is any exposure of sensitive data to the wrong ecosystem — regardless of whether that data was abused or not.
IDC has found that 47% of enterprises have had an incident where intellectual property, customer data, or financial data, was moved into a cloud environment in a manner which violated company policy. That, of course, qualifies as a data breach.
In order to avoid these sorts of breaches, business units, legal teams, and potential partners need to sit down and hash out which compliance rules are realistic, how sensitive data will be sent over networks, where it will be stored, and who will have access to that data. Discussing security, too, from implementing two-factor authentication to encryption is a topic for discussion as well. After all, responsibility for security and compliance doesn’t rest with just IT teams; it rests with every member of a business.
Finding the Right Partner
All of this boils down to finding the right cloud service provider. As Shortnacy and Hochmuth discuss, that means clear communication on both ends. After all, a service provider shouldn’t unknowingly enter into a partnership that will allow a partner to operate in a breached state and you shouldn’t enter into a partnership that doesn’t enable you to operate. This means discussing security and compliance management with providers to learn what is, and isn’t, possible, as well as what security features, from two-step authentication to data encryption, will come with the service.
How VMware Can Help
VMware has the technology and the reach to make switching to the cloud easier. As the industry’s only integrated end-to-end cloud platform, the vCloud Suite includes comprehensive security services ranging from firewalls to gateway security services. Our VMware Service Provider Program also features premier partners who can ensure that your data is safe on the cloud. For a look at the VMware partners offering these services visit http://vcloudproviders.vmware.com/?src=vcld-2013-3-blog-vCloudProviders-o-in-893.
To make consuming public cloud services from VMware partners easier, VMware offers the VMware Cloud Credits Purchasing Program. This program enables technology managers to buy credits from their preferred VMware Solution Provider and then allocate them to the company’s various business and IT units through the MyVMware management portal. Through the same interface, users can redeem their credits with approved VMware vCloud Service Providers on a self-serve basis.
The VMware Cloud Credits Purchasing Program can also address your cloud environment concerns. The program, while working to make public cloud services from VMware partners easier for you, also helps to relieve your budge limitations by centralizing your cloud workflow in one easy-to-use, secure, solution.
For further insight on addressing cloud security and compliance issues, sign up here to watch VMware’s full webinar and clear the air around cloud security and you.