By far, the number one question users considering a move to cloud storage ask is whether or not their data will be secure. Storing data offsite doesn't change data security requirements; they are the same as those facing data stored onsite. Security should be based on business requirements for specific applications and data sets, no matter where the data is stored. Users evaluating cloud storage service providers should demand the same type of security controls they would in their own data centers with regard to physical security, data encryption, and network security.
To protect sensitive data, many storage vendors now offer encryption capabilities with their enterprise-class systems. In spite of increasing privacy legislation and an avalanche of publicly-disclosed data breaches, most large organizations believe their enterprise storage systems are relatively well-protected and thus continue to forego encryption. Some storage vendors are now proposing self-encrypting drives for another use case: data destruction. By deleting encryption keys, these vendors believe they can help enterprises automate data destruction processes. In theory, this is true—but ESG research demonstrates that, though key deletion for data destruction may have some niche market appeal, it is not a “killer app” for storage encryption across the broad enterprise market.
While laptop computers and other mobile devices offer significant benefits in terms of convenience and employee productivity, the loss or theft of a mobile system containing confidential information continues to be an all-too-real nightmare for security organizations. With confidential data increasingly distributed across disparate users and devices, IT departments must ensure that mobile computing devices, such as laptops, are protected by a comprehensive security strategy that includes full-disk and other encryption technologies.
Confidential data resides everywhere—from locked-down data centers to mobile devices—and is increasingly accessed by a wide range of constituents—from employees to contractors and business partners. How can CIOs and CISOs possibly secure confidential data when it is in a constant state of motion? The ESG “Outside-In” data security model seeks to put confidential data security in context by anchoring data security to risk metrics, categorizing risk zones, and recommending security controls. When properly and consistently applied, ESG believes that the “Outside-In” security model can help organizations improve confidential data security while making this data more productive for global network-based business processes.
The positive impact that server virtualization has had on computing infrastructures has led IT staffs to look for ways to extend these benefits to other areas of their operating environments. One such opportunity involves the centralization of desktop computing via VDI (virtual desktop infrastructure) technology. While centrally executing and managing desktop images offers many benefits to both IT and end-users, the potential impact on the network and other underlying data center infrastructure should not be overlooked.
ESG surveyed 308 North American and Western European IT and information security professionals representing enterprise-class organizations (1,000 employees or more) that were responsible for or familiar with their organization’s current policies, procedures, and technologies used to protect and secure confidential information.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188
Enter your email address, and click subscribe