In spite of frequent reports about the uptick in cloud adoption -- with a recent IDC report predicting an additional 11 percent shift of IT budget away from in-house IT delivery towards different cloud models by 2016 -- some businesses are still hesitating. To them, maintaining tight control of corporate information means keeping it on-premises.
However, moving data to the cloud does not have to equal loss of control over data, or a decrease in its security, governance and privacy.
So how do you navigate the pillars of cloud data governance?
Understand Data Sovereignty Laws
Canada and many European countries have specific data sovereignty guidelines (with rumblings that things could get stricter in some cases soon). Certain types of data must be stored in-country, and sometimes they expect the cloud provider company to be a domestic entity. Security-conscious verticals like financial, healthcare and government organizations also have their own strict compliance and regulatory requirements.
Start with an understanding of the regions you’ll be operating in, including where your cloud provider is registered as a company.
Take Inventory of Data and Existing Infrastructure
Before sending data to the cloud, you'll want to take inventory. This includes understanding and classifying the types of data you have and where that data currently resides. Often times during this process, IT discovers that different lines of business have already put data in the cloud.
Come up with a strategy listing appropriate applications and types of data for the external cloud and inappropriate, depending on their classification as financial, human resources, sales, customer data, etc.
The industry is quickly moving to a hybrid model that encompasses all of the deployment scenarios, including both private and public clouds. Evaluate how your business accesses and works with your data. Understand how they connect in enterprise data management and discovery systems to identify information and access data (via auditing tools, etc.).
Establish an Internal Policy
Your internal policy should adhere to any and all compliance requirements in your industry. Include dynamically applying smart policies for data in this policy. For example, include rules for what can and cannot be shared, encrypt specific data sets, set up secure and encrypted projects, etc.
What to Look for in Your Cloud Solution Stack
Once you’ve taken inventory of your data and established security policies, determine your cloud architecture.
Both the infrastructure used as well as any platforms or applications should be included.
- Ensure that any applications you run will ultimately drive adoption of IT-sanctioned services, otherwise they'll sit idle
- Use solutions that help employees increase their productivity
- Maintain data integrity and security regardless of where the data resides, on-premises or in the public cloud
- Establish the foundation for a hybrid cloud architecture that allows you to manage workloads across private, virtual private and public infrastructure, and migrate applications and data between them moving forward
Once Data Is in the Cloud
Your work doesn't end once you migrate data to the cloud. It must continue to meet your business needs as well as any compliance requirements. This means continuously monitoring and auditing applications and data usage (just as you do with traditional systems), taking inventory of your data and systems periodically, and reviewing your policies to make sure that your business remains in compliance.
This list might seem daunting, but the alternative is even scarier -- loss of data controls, risk of regulatory audit failure and loss of trust in the cloud, despite its many benefits.
Cloud infrastructure is not inherently less secure than traditional in-house infrastructure, but it does entail a renewed approach to data governance, and an understanding of both current and future requirements.
Shifting towards a model where at least some of the data and applications reside in public or hosted environments is both a reality as well as a business necessity. It provides agility, cost advantages and improved access to applications that ultimately increases employee productivity.
Proper planning and adjusted thinking on data governance is required -- but once done, the benefits far outweigh the risks.