Security is one of the most commonly-cited reasons why Enterprise and Public Sector customers are reluctant to embrace cloud computing, notwithstanding the many benefits it offers in other respects.
On the surface of it, it would almost seem that the question doesn’t need asking. After all, the very term cloud implies a degree of opacity – a lack of visibility as to where resources (applications, data, compute, storage, network etc.) are actually located. It would also appear to apply a similar lack of transparency as to who controls those resources – who sets policy, who enforces policy, how compliance is audited, and so on. Furthermore, the fact that access to many cloud-based services can be provisioned through a browser in no more time than it takes to enter an email address and a credit card number adds to the impression that this is not Enterprise-Class technology. It is entirely reasonable for businesses to be wary of the security risks posed by putting “crown-jewels” data assets in the cloud.
Does this mean, then, that Enterprises should simply stay away from the cloud, in spite of its obvious and well-publicized business transformation benefits and economic advantages?
In order to answer this, it is important to recognize that there is actually no such thing as “The cloud”. There are several well-accepted cloud paradigms and for each paradigm, there are multiple (and in some cases many) commercial service providers to choose from. The first thing that an Enterprise must do when considering a move to the cloud is to understand the business goals it wishes to obtain from the migration and then determine which, if any, of the cloud paradigms have the potential to fulfil those goals, while respecting the security considerations we have been discussing.
So what, precisely, is it that Enterprise cloud providers offer that makes their environment more secure, in the sense that we have been using the term, than Public cloud providers?’
Very simply – they do not “cloud” the data. In an Enterprise-class cloud environment, although the compute will be multi-tenant, the data will not. From a data security standpoint, an Enterprise cloud provider will:
- Physically separate each customer’s data onto separate physical disks, even if using virtual storage solutions
- Only store that data in data centers known to and approved by the customer for that data
- Manage the back-up and/or replication of that data in a predictable manner, as set out in either published terms and conditions or a bespoke SLA
- Provide an advisory service as an integral part of the onboarding process to ensure that the customer’s security requirements are fully understood and reflected in the migration process and the deployment architecture
- Provide full audit capability at all times so that the customer can ensure compliance with the terms and conditions or the bespoke SLA
To learn more about building your organization’s private, hybrid, public, or community cloud on xStream, please email to [email protected].
What's your goal today?
1. Are you on the Colt IQ network?
Our network connects over 31,000 buildings worldwide powering companies such as Hitachi, Atos, Forbes, Arthur D Little, Brussels Airlines and thousands of others. Find out if you're Colt connected now.
2. Learn about digital infrastructure
We've written thousands of guides and white papers, regularly publish content on our blog and host regular events on everything from enterprise network connectivity, to cloud, digital transformation and the hybrid workforce.
3. Join our team
To learn more about joining our team of over 5000 people around the world, and to browse our current open roles visit https://careers.colt.net/.
