Security remains one of the main reasons many organisations are holding back from adopting cloud services, but service providers say security will become the very reason companies choose cloud services in future.
Google, Microsoft, Verizon and most other cloud service providers commonly argue that they are able to provide better security than any individual customer organisation could on its own.
The banking industry provides a useful analogy.
There was a time when keeping money under the mattress was safe, but eventually individuals could not keep their valuables as safe as a bank could and depositing money became the accepted norm.
Today, banking generally provides a safer and more useful place to put money because it is secured by tried and tested security processes that are complemented by a host of financial services.
Similarly, cloud services are evolving along the lines that they will eventually become the recognised safe repository for valuable data.
Information banking could pay dividends
The concept of "information banking" serves almost as a vision statement for some cloud service providers, including cloud-based email management firm Mimecast.
The company’s chief technology officer, Neil Murray, foresees a future in which businesses will move their unstructured data to the cloud to make it safer and more useful.
And he is planning accordingly. Already the company is able to provide rudimentary information banking services by storing customer data in a format that can be used to answer questions from the business.
Cloud services are evolving along the lines that they will eventually become the recognised safe repository for valuable data
Security is an essential part of that, but rather than just storing data in a static form, Murray thinks in financial terms of offering a return on investment in the form of data services.
He defines an "information bank" as a single unified data repository that can be used to generate additional value out of data in a secure way, and that will ultimately replace multiple point solutions.
As an email management firm, Mimecast is in a strong position to absorb email metadata and document data, consolidate it, deduplicate it, and expose it back to the business in useful ways.
In this way, for example, all attachments can be stripped out from emails and be made available to the business as files that are easily searchable and retrievable.
Murray believes all cloud-based businesses should be thinking and planning in terms of absorbing data, storing it and then using it to deliver value to the business that owns the data.
While email is a logical place to start because up to 90% of business information is often in this format, the information bank needs to be able to tap into all sources of business information.
Mimecast, for example, has already developed technology to absorb all file and folder types, and gather documents from cloud services, archives, file servers and files shares.
The approach is to strip data from applications and store it in data stores specially designed for each data type, and then consolidate the functionality of all data applications into a single platform, subsequently adding functionality or views of data as each new use case arises.
But is this safe?
More on cloud security
- Cloud adoption immature, shows security survey
- Cloud security for SMEs: Seven key steps
- Security Think Tank: Cloud, BYOD and security – lock your doors
- Transparency, not security, is biggest cloud challenge, says Verizon
- Marble Security's cloud-based mobile security service augments MDM
- Secure cloud-to-cloud migration essential to poaching cloud customers
- FAQ: Addressing cloud computing security concerns
- (ISC)2 and the CSA announce certification for cloud security
- Encrypting enterprises miss out on cloud benefits
Data security assured
For a cloud-based business, investment in security is unavoidable as data security is a fundamental obligation, according to Murray.
Consequently, Mimecast has implemented a policy of trusting no one, not even its own employees. It uses encryption throughout and constructs all data stores with sophisticated access controls.
“To solve the problem of insider leaks, security investments by cloud service providers are considerably greater than in other businesses,” Murray told Computer Weekly.
In contrast, many large enterprises will have up to 1,000 systems administrators, all with keys to the business’s data assets, but with little or no security training, he said.
According to Murray, Mimecast is implementing a number of initiatives aimed at providing customers with security assurances that can be passed on to auditors and regulators.
“The best example of this is our certification in terms of the ISO27001 standard, which provides the assurance that we have done the right things and continue to focus on the right things in terms of security,” he said.
While the banking analogy is good for allaying fears, it also raises concerns that we will yet have to live through the cyber equivalent of an era of armed bank robberies before cloud data stores are on a par with physical banks.