Issue link: https://digital.copcomm.com/i/24311
T here’s no reason data stored in the cloud can’t be more secure and reliable than data stored on-premises. To make this happen, consider four key factors: operational expertise, controlled environments, encryption architectures and redundant infrastructure. All key factors can be done on-premises, but that can be expen- sive and difficult, especially for processes that are not core to a business. By core, I’m referring to something that differentiates a company in the eyes of customers, such as the type of prod- ucts a company provides. Everything else is context, which is important, but doesn’t impact business in the same way. Controlled Environments A SaaS solution needs a scalable environment made for performing one task (or set of tasks) in an automated, repeatable, and dependable way. Therefore, cloud providers need a homogenous environment from an OS monitoring tool and even hardware point-of-view in order to increase visibility and decrease risk exposure. In this environment, there’s not one key person who has access to everything. Instead, there are strict controls regarding when and who can do what, which should be automated to provide an additional level of security. Can Data Be More Secure in the Cloud? About Andrés Kohn Andrés Kohn is currently responsible for Proofpoint’s email archiving business unit and has been responsible for setting Proofpoint’s product direction since the inception of the com- pany. In addition, Andrés is responsible for developing strategic technology partnerships that complement Proofpoint’s solution offerings. He joined Proofpoint from Critical Path, where he was director of product management and responsible for the global direction of their messaging products and services. Before joining Critical Path, Andrés held several product marketing positions at PeopleSoft, and various management roles at International Paper as well as Procter and Gamble. Andrés holds a B.S. degree with distinction and an M.S. degree in engineering from Cornell University. He also holds an M.B.A. degree from Stanford University. Guest Columnist: Andrés Kohn, Vice President of Technology and Product Management, Proofpoint, Inc. www.proofpoint.com By moving context functions to the cloud, organizations can reduce costs and redirect those savings to core functions. Operational Expertise Security features must be planned for and built into every part of the solution, even for components that aren’t core to a customer’s needs. For example, by owning most components of the SaaS technology stack, an organization can leverage secure software development lifecycles to ensure that security best practices are accounted for in core software, tools, processes and monitoring systems. A cloud solution also needs dedicated staff for monitoring, security, architecture, platform development, compliance and engineering. Having a dedicated and specialized staff both ensure expertise, and also increase security, because vulnerabilities often happen when technology is implemented without the right level of proficiency. A cloud solution should also ensure, through continuous validation and auditing, that the right things are being done through a variety of mechanisms, whether those are SAS 70 Type II audits, internal audits, or security probes. Additionally, cloud services need to operate at scale for specific applications not found in a typical enterprise, which in turn creates a need for automation, ensuring that all the right tasks are happening at the right times. 16 MESSAGING NEWS FEBRUARY 2011 Data Encryption Architecture Enterprise-class cloud vendors must ensure that data is en- crypted both in transit and at rest, no matter where it resides. Crucial to this are encryption keys, which should be separated from the data or application. One way is to have data in the cloud and keys onsite. Alternatively there could be one cloud where keys are maintained and stored and a separate cloud for data encryption and decryption. Those clouds should com- municate through controlled protocols so unauthorized users can’t access both. Redundant Infrastructure To deliver services reliably, across multiple datacenters and at scale, cloud solutions need redundant infrastructure. To ensure reliability and disaster recovery, it should be at the core of all architecture. Redundancy is often overlooked because it is complex, not al- ways cost-effective, and many times it’s an afterthought. But it provides additional security. If attackers target one datacenter, other datacenters are still running. If an organization looks for SaaS solutions that hit on all of these four factors, they can rest assured that their data will be secure and reliable, even in the cloud. AK/TMP BE OUR GUEST