By Modeen Malick, Senior Systems Engineer for MESAT at Commvault in South Africa
Security has always been one of the biggest concerns when moving data into the cloud, with public cloud often perceived as the least secure option. Nevertheless, the benefits of a hybrid environment have been made clear, and organisations have started to adopt public cloud into their environments in some form or other. In fact, many organisations are embracing multi-cloud environments, and are spoilt for choice with so many different public cloud providers now offering services to business. However, ensuring data security in such a complex environment means that finding the right data management partner is more important than ever.
Private cloud offers the agility, flexibility and security benefits of cloud-based solutions, but it can also be quite costly to implement and maintain. Conversely, public cloud offers a more cost-effective solution and security is generally taken extremely seriously by these providers. This means large, dedicated teams behind cutting edge security technology ensure that their reputation, and their customers’ information, remains secure. But it is not necessarily about choosing between private or public cloud. For instance, one of the benefits of a hybrid cloud environment is the ability to decide which data to store in which cloud, thereby optimising costs whilst adhering to regulations.
However, it is good to note that hybrid cloud and multi-cloud environments require organisations to make informed decisions about where mission-critical or sensitive data is stored. It is imperative for the organisation to know where its data is at all times, particularly if sensitive business information must remain ‘in country’. Precisely pinpointing data location on public cloud platforms can prove impossible, so it is essential to ensure that any data that may be impacted by privacy regulations is not stored in the public cloud.
Within a multi-cloud environment security is made more complex by the fact that each cloud vendor has its own methods for protecting and securing data and applications. The challenge for business is that options offered by public cloud vendors are not as flexible with regards to customisation as private cloud solutions. It is therefore important to select the vendors that understand your needs and have security procedures that complement the business. In addition, you must ensure that your data remains protected should you move it from one provider to another.
Ultimately, it is essential for the business’s data to be controlled, regardless of the type of cloud solution or the vendor being used. While the cloud provider is responsible for ensuring their infrastructure is secure, it is the business’s obligation to ensure its data is protected and that the cloud provider’s security measures align with the organisation’s security requirements. Basic security tools, such as encryption and key management, need to be implemented, and robust, well-planned backup and recovery procedures must be in place.
Navigating the complexities of data protection, backup and recovery can be daunting, particularly within the complicated landscape of hybrid and multi-cloud environments. Partnering with a specialist data management provider ensures that the business’s data is optimally stored in the right mix of cloud options, protected, backed up and able to be recovered after a data loss event. This minimises business impact and mitigates the risks involved.