The cloud: Everything from choice to compliance and protection

Hybrid cloud: The best of both worlds?

Organisations are migrating to the cloud in their droves, because of business benefits it brings; such as agility, cost savings, efficiency and performance.

But, each business is an individual.

“Not all businesses derive the same benefits from the technology [the cloud], nor do they all have the same requirements,” explains Javid Khan, Chief Cloud Officer at Pulsant.

“This is especially true when it comes to choosing between private and public cloud models, managed hosting and colocation. In addition, they may not be allowed to move certain information into the public cloud due to regulatory or business requirements.”

Javid Khan was recently appointed as Pulsant’s Chief Cloud Officer.
Javid Khan was recently appointed as Pulsant’s Chief Cloud Officer.

Hybrid cloud represents the best of all worlds.

“It allows organisations to use whichever cloud or hosting model best suits their requirements, regulatory frameworks and business objectives. This could mean using private cloud to host sensitive data and public cloud to host other business systems, or it could mean maintaining their investment in existing technology (such as colocation), while using public or private cloud as well to capitalise on performance and cost benefits,” says Khan.

The move to the cloud

Agility, flexibility, scalability and eventually, digital transformation (or digitisation). This is why organisations are moving to the cloud in their droves. Read here

Protecting data in the cloud

When the cloud first emerged, and businesses began to consider adopting it there was an immense barrier to overcome: data protection.

Protection is everyone’s concern, or at least it should be, and initially, businesses viewed the cloud with scepticism regarding its vulnerability.

It is now established that the cloud is — in fact — secure.

Cloud security – who should take ownership in the enterprise?

Gary Marsden, Senior Director, Data Protection Services at Gemalto, explains who should be most responsible for protecting sensitive or confidential data in the cloud. Read here

“It’s up to the cloud provider to ensure there is the right encryption and infrastructure security in place. Large public cloud vendors like AWS and Microsoft Azure have security processes embedded in their technology to ensure their infrastructure is secure,” confirms Khan.

“It’s up to the customer, however, to have the right safeguards in place to protect their data (just like they would if they hosted the information in-house), such as backup, disaster recovery plans, encryption and anti-virus,” he continues.

Compliance in the cloud

IT compliance is a meandering and complex landscape to navigate.

“When it comes to cloud, there are a number of regulatory frameworks that apply, such as ISO 27001 for information security and ISO 27017 for cloud services,” says Khan. “While businesses may achieve compliance, the rate of change in the industry, business growth and regulatory shifts means that maintaining that compliance cloud be a challenge.”

Continuous compliance

Cloud compliance isn’t a one-off, check box activity. It is a journey that doesn’t end with achieving compliance. Just like digital transformation doesn’t have an end-state; it is continuous.

“It’s an organisation-wide commitment to ensuring the business’ IT systems do not fall out of compliance,” says Khan.

“Continuous compliance is the ability or capability of an organisation to keep a handle on their IT compliance requirements and ensure they remain compliant and are alerted when they aren’t with a view to remediating that,” he continues.

“But it can be challenging for a number of reasons, including difficulty in managing compliance frameworks, the rate of change internally and externally, and a general lack of understanding when it comes to compliance.”

Security and compliance concerns eroding confidence in the cloud

New research from Advanced reveals 88% of firms say cloud providers need to do more to build confidence. Read here

Continuous compliance challenge

• Risk management and compliance frameworks are massive and are difficult to manage in terms of the requirements that need to be met. And if organisations are dealing with more than one framework, the complexity is magnified.

• Businesses are influenced by a number of things, internally and externally. As the organisation grows, requirements change. In parallel, the market is also changing, as is the technology landscape. The compliance framework therefore covers environments that are changing while also being influenced by external factors.

• There is a lack of understanding around what compliance means and what it applies to. What should be monitored, when should it be monitored? When should you do it? How do you should you report on it, and how can you prove compliance?

Avatar photo

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.