Cloud entry strategy has been top of mind in IT organizations for years. Now that the industry has reached a level of maturity—with multiple players and offerings—the need for an exit strategy has emerged. Fredrik Forslund is the director of cloud and data center erasure solutions at Blancco Technology Group, which provides thousands of organizations with secure data erasure solutions. He recently sat down for a Q&A with IT Innovators to discuss the importance of plotting your exit before entering the cloud; a topic he will elaborate on at the upcoming Data Storage Innovation Conference in June.
When should a company exit a cloud storage arrangement?
The most common event is simply that you have increased competition in the market and you want to change your service provider because you feel that you can get a better offering somewhere else. Another event is structural changes. For example, you might be acquiring companies or you might be acquired or divesting part of your company. And then there are geographical concerns. Specific nations might have legislation in place that says certain data cannot leave geographical boundaries, and if something changes in that sense, overnight or over a transition period, you might be forced to exit one cloud service provider and move to another in a different geographic location. I think we’re going to see more of that going forward.
What are the risks associated with moving data?
First of all, you need to make sure that the actual transmission of data is done in a secure way, usually some form of encryption is used for that transmission. When you have confirmed that data is securely operational in the new location, you must remember to take care of your previous location. That’s where data erasure often comes in as a mandatory requirement. Today, you have specific known malware that can penetrate networks and get access to different hosting environments. As an attack, the malware will start recovering previously left behind data that has just been deleted, which is not the same thing as securely erased.
Are these standard practices?
You’ll find a number of different maturity levels when it comes to providers. Some providers design their infrastructure, their architecture, everything, with security as their number one priority. Other providers might be giving priority to the lowest possible price—they might have some level of security, but compared to others, they might have big differences. So you need to understand what you are after when you are looking for your preferred cloud service provider.
How can risks be managed?
It comes down to traditional management procedures. You need to have data protection officers in place, people responsible for different kinds of data assets and thinking about, planning and controlling the data lifecycle. You have industry organizations that are very actively talking about this, Cloud Security Alliance, for example, where you can find great information, guidance, best practices and different self-certifications to make sure that you are aligned with the right kind of thinking.
What innovations make secure cloud transitions possible?
We’re looking at a very fast pace of innovation in the IT industry in general, and when we’re looking at cloud today, we are mainly focusing on software-defined data centers. It’s hyper-converged, so you have tools in place to manage everything at your fingertips. You are managing everything from a control center. Following virtualization as a trend in the market is something that all of us security suppliers must do and, in the end, that makes life easier for the enterprise administrator who needs to actually perform these exercises.
What is the value of a hybrid cloud deployment?
Today you have some extremely cost-efficient, standardized public cloud offerings that might be extremely suitable for some computing. But on the other hand, some other classified data processes might be much better off running in your own data center where you have full control of the entire IT infrastructure. When you have the ability to be flexible in how you can move resources in between that cost-efficient public cloud solution and your own private cloud environment, that’s where you find the beauty of the hybrid cloud.
What advice would you give organizations considering cloud implementations?
You need to start from your own organization; you need to make sure that you have people as internal thought champions. This area is moving so fast, you need to have dedicated people that are managing your data lifecycle. If you don’t budget for that—if you don’t have the organizational resources—I think you will be facing challenges in the end and, when there’s distress of some sort, you won’t be prepared.
Christy Peters is a writer and communications consultant based in the San Francisco Bay Area. She holds a BS in journalism and her work covers a variety of technologies including semiconductors, search engines, consumer electronics, test and measurement, and IT software and services. If you have a story you would like profiled, please contact her at [email protected]
The IT Innovators series of articles is underwritten by Microsoft, and is editorially independent.