Lack of control is often the most worrisome concern expressed by CIOs and CEOs who are considering partnering with cloud computing service providers. Usually, they aren’t worried about giving up total control of IT operations, because with any outsourcing you always retain ultimate decision-making control.
Their fundamental concern is control over data, especially data that’s regulated, or proprietary for the company or personal for customers. If data is no longer in your possession physically, how can you protect it? In the cloud, control shifts to managing how data is accessed and shared and by whom.
Giving up some control can be a good thing.
With physical data centers, when something goes wrong, your IT team can get in there, find the problem and fix it. When you bring on cloud computing service providers, it becomes their responsibility to deal with these things. It’s out of your hands, and that requires a significant level of trust. On the up side, though, you no longer have to control – or even care – how problems are resolved, as long as your service isn’t negatively affected.
Many would argue that the cloud gives you more control, because it’s scalable, increasing your flexibility to react quickly when necessary. Scalable pricing gives you greater financial control, too.
It’s a mobile world now.
Remote access and bring-your-own-device are the hallmarks of an increasingly collaborative business landscape, making integration of cloud computing service providers and their wares a corporate necessity. But the new environment definitely creates new control challenges.
Mobile devices are a legitimate source of concerns regarding access to information, storage and meeting regulatory compliance requirements. File-sharing among employees and working partners outside the company is common, and all too often they’re using consumer-level services such as Dropbox or even email to share sensitive files.
But you have no control over data stored in some employee’s personal cloud, increasing security risks and making it virtually impossible to control data flow, let alone enforce company policies or maintain the kind of audit trail required for regulatory compliance reporting.
Cloud computing service providers aren’t responsible for all types of control.
Mobile devices are beyond their purview. It’s up to you to develop policies and procedures that govern mobile equipment, whether it’s company-owned or personal. That includes recapturing or remotely removing data when devices are lost or retired.
Your goal is to control data stored in public clouds to ensure it remains private. It’s a balancing act, with security and compliance requirements on one side and the need to incorporate cloud-sharing services to facilitate work flow. With the right systems in place, extranet sharing can be less of a concern. It’s finding that rightly-balanced system that is so difficult.
A number of industry watchers advocate for private clouds over public, especially for highly-regulated industries, because they offer an inherently more secure environment.
With a private cloud, you can house, maintain and govern your data under strict control to ensure security and compliance. Being the only tenant can give you more peace of mind, too.
The “trustworthy cloud” as a new model.
This model relies on cryptographic algorithms to enforce data security, using a combination of specially designed technology, policies and reputation networks. As the data owner, you have full control over defining and controlling enforcement. Cloud computing service providers have custody of your data, but not access to it, so they aren’t responsible for security. Instead, that rides with the data itself.
The system monitors and can revoke user access. That can improve your ability to support BYOD and collaboration internally and externally, across multiple clouds, while maintaining important visibility and compliance.
The question isn’t whether your enterprise will adopt cloud solutions, it’s when and which applications. But that doesn’t mean giving up control over your IT operations. It means applying the latest technologies and procedures to reduce cloud-related risk so you can make the most of cloud-related benefits.