Joe Pasqua is Executive Vice President for MarkLogic.
Security remains one of the biggest roadblocks for enterprises to move to the cloud, numerous studies and research firms have stated.
We often talk about security as one thing, but in actuality, it is quite multifaceted. That’s why it’s important to distinguish between layers of security in a public cloud environment — and why concerns about data security and public clouds must be taken seriously.
As 451 Research concluded in a recent report, leading public cloud providers, such as Amazon Web Services and Azure, have very good security. They have to. They are “secure by default because they have a vested business interest in being as durable as possible,” 451 says. Again, I agree. Public cloud providers do a great job of traditional network and operational security.
In today’s world, and especially in the cloud, that’s not good enough anymore. While the cloud environment may be secure, the data inside that environment may not be. If the database you’re using lacks comprehensive, hardened security, you’re still at risk. You can’t read the news without seeing numerous data breaches that underscore this fact.
A New Environment
Think about it this way. If you run a physical retail store, you’ve got important security issues. You need good door locks, windows with alarms and security guards who keep bad guys out. Still, you want people to come into your store, browse, touch things and ultimately buy them. It’s not enough to have good perimeter security, you need security on the inside of the store, too.
Traditional network security is like those door locks and window alarms. It is a great perimeter solution, intended to keep people out. In today’s hyperconnected cloud world, the world of the Big Data, you need to be able to securely let people into the network. You’ve got customers, partners, suppliers and Ops people in your network all the time. And remember, those Ops people don’t work for you, they work for your cloud provider. You want all those people on your network. You need them there.
However, you have to keep track of who’s in, what they have access to, what they’re allowed to see and do, and be able to audit their actions. In this world, your security can’t just sit around your data, it has to be with your data. It also has to be flexible enough to allow some actions from some users, but not others from others. That’s where the database security inside a public cloud environment becomes as crucial, if not more so, than the network security. Cloud providers can’t help enterprises with data security and that’s what enterprises need to think about.
Risks of Sharing Data
Data governance is also a huge issue in the cloud, as it is on-premises. We see huge enterprises who want to leverage their data assets. They gather data, build massive and expensive data lakes, and then can’t use them because the data isn’t governed.
Without good governance, they’re scared to share data because they might run afoul of regulatory compliance issues or unwittingly expose internal information. They are hesitant to share data with data scientists for analytical purposes because they’re not sure all of the personally identifiable information has been scrubbed from the data. Moreover, if they don’t know the lieneage of the data, they can’t be sure of the validity of their analytical results.
Data governance is more important now than ever because enterprises are contemporaneously moving to the cloud. They want the elasticity and flexibility of the cloud to better leverage their data. To do that, they need to trust that the data can be safely shared. If not properly governed, enterprises can’t share data and they’ll lose one of the key cloud benefits. Rather than view data governance as a nuisance, enterprises need to see it as the key to unlocking the value of data.
Enterprises want faster and smarter access and insight into their data and the cloud will help enable that. It will give them important gains in flexibility and agility. But to realize these gains, they need to be proactive in combating the Data Security and Data Governance issues that could derail their efforts.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Penton.