Research from Microsoft has been released showing that almost two-fifths of companies will start paying for cloud services within three years. This figure demonstrates why organizations adopting the cloud should revisit their encryption needs.
The economic imperative of migrating data to the cloud is clear. But organizations need to revisit their data encryption practices before making the leap.
Microsoft’s research shows that 39 percent of SMBs expect to be paying for cloud services by the time 2014 rolls around. And there’s no doubt that many other companies will be using some of the free cloud resources that are now available.
My observations suggest that organizations of all sizes – not just SMBs – overlook aspects of their data encryption needs for the cloud. Instead, they focus on the cost savings that accrue from the migration. I would even say that accountability and transparency of how customer data and cloud system security are handled by cloud vendors is also suspect.
Want to Encrypt Your Data in the Cloud? Here are Your Challenges
The important thing to realize with cloud resources is that organizations are effectively losing direct control over their own data. This makes the task of compliance – under an increasingly complex set of rules, such as PCI-DSS – all the more complex.
It’s also important to understand that, where cloud data storage is involved, businesses need to take a centralized management approach to data encryption. They must give IT staff maximum control, with minimal impact on operations and productivity.
The challenges to cloud users and providers will be the management of encryption systems, including encryption key management. There are also potential issues with trying to index data that is encrypted in the database. Encryption approaches will have to examine not only data in flight(point to point encryption) but also data at rest (databases and other forms of storage). For SMB and many others, this will be a new experience.
The Cloud Migration Process
The process of planning for migration to a cloud platform should not be regarded as a chore by IT staff. It is a clear opportunity to re-appraise data encryption systems. Unfortunately, SMB customers are unable to judge the competence of larger providers of cloud services. And applications for the cloud rarely have data encryption as either a base or optional offering. Consequently, the model of the future of cloud will be “trust me.”
My company’s research amongst our customers suggests that many of them are taking the intelligent approach of re-investing some of the cost savings that the cloud brings to their data storage platform. They’re doing so by enhancing the encryption of data at all points in their businesses.
Put simply, this means implementing data encryption across any endpoint – desktops, laptops, handheld devices and removable media – and implementing full disk encryption where appropriate. This practice ensures that any and all data that flows to and from a cloud resource is fully protected.
Microsoft’s research shows that SMBs are joining a growing number of enterprises in adopting the financial benefits of the cloud. They should all, however, be cautious of adopting a solution that does not encrypt data on a centralized basis. Otherwise, they might wind up failing to meet their compliance requirements.