It’s Time to Go Public: Bringing Private Cloud Controls to the Public Cloud

No ratings

Presented at IAPP 2014 by

Mark Bower

David Vogel

People will do whatever it takes to get their jobs done, and sometimes that means downloading applications such as Dropbox to store and share files. It’s a way for them to complete tasks without having to involve IT, or worse, be told they can’t do something. Companies can control access to these services by disallowing them, but then you’re taking a valuable resource away from your colleagues. It’s not about taking access away—it’s about making it more secure. So is the answer to implement a potentially costly private cloud? Not necessarily. In order to make a public cloud as secure as its private counterpart, an enterprise needs to not only control employee access to data and applications, but also control where certain types of regulated data can flow. Technologies like single sign on can manage cloud access, and techniques like tokenization and encryption can be used by organizations to determine where information can, and cannot, flow. And now products such as cloud encryption gateways have emerged to enable the use of these data protection techniques while not interfering with the end user’s use of cloud applications. These gateways can serve as an “entry” to a cloud application, replacing sensitive data with encrypted or tokenized values for transmission and storage in the cloud. Since the sensitive information remains under corporate control at all times, organizations can confidently make the move to the public cloud without the associated privacy, security and regulatory concerns of placing sensitive data with external cloud service providers. But what about those rogue users? IT groups can utilize an emerging class of discovery tools to help identify “unauthorized” cloud use and then use solutions such as cloud encryption gateways to bring the cloud usage into compliance without disrupting the end user’s cloud experience. The bottom line is that the barriers to cloud adoption are real, but they can be easily overcome. And with the right tools and cloud strategy, there’s no need for a private cloud to be the only option. When it comes to cloud, it’s time to go public.