You want to move your analytics workload to the cloud
, but you don’t want to make news headlines for the wrong reasons. This is a dilemma facing many IT and business users. A recent survey
showed that 83 percent of respondents agree that the cloud is the best place to run analytics—and an astonishing 91 percent said that the pace of transition from on-premises to cloud should be much faster.
One of the biggest barriers hindering the move to the cloud is a nervousness over security and compliance. Fifty percent of survey respondents state security as one of their main concerns, with 35 percent calling out regulatory compliance as a concern. Yet providers of cloud services maintain that the cloud is as secure or even more secure than a traditional on-premises solution. So where is the problem?
Trust and Responsibility
It’s a question of trust. In an on-premises situation, the organisation is generally in control of the infrastructure and the policies relating to security and compliance. Sure, they work with vendors to specify their requirements and are often required to meet parameters set by external regulators—but, by and large, they know what they need to do and how to do it. They take responsibility for the environment and treat it seriously to protect their business, their customers, and their reputation.
In moving to the cloud, you’re putting your faith in a third party to do the things that you care about. Will they care as much as you? Yes. Cloud providers take these things very seriously because they’re in the business of providing you a service. You are their customer, and their reputation comes under very public scrutiny. A security breach at a cloud provider could have catastrophic consequences in terms of customer trust and reputational risk. You bet they take it seriously.
Does this mean you can just hand over all responsibility to your cloud provider? No, it doesn’t. It means you need to have a detailed discussion to determine where responsibility lies, and make sure you have the processes and monitoring in place to ensure your environment meets the security and compliance requirements for your business. It’s a case of sharing the responsibility and knowing that each party is stepping up to do their bit.
Some Areas to Look Out For:
- Review existing security and compliance processes: It should not be necessary to build a new set of security and compliance processes, but existing policies should be reviewed with respect to cloud-based environments. For example, data encryption policies may need to be revised to take account of transmission over external networks. A robust set of policies building on existing practices will build confidence and trust.
- What goes to the cloud? Not all data and applications are suitable for migration to the cloud. Often, regulatory constraints mean that data cannot be moved out of, or into, certain jurisdictions. Cloud providers will not usually be able to access any data directly, so the business is generally responsible for these decisions.
- Compliant environments: Many national and international standards apply to cloud environments. The business should determine which apply to their domain and verify with the cloud provider that they do indeed meet these standards. The cloud provider should be able to provide audit reports for the applicable standards and be able to demonstrate an on-going commitment to maintaining these standards through regular third-party audits and updates.
It is relatively rare for companies to switch completely to the cloud in a “big bang” approach. A more common approach is to start small—with a specific workload or function with more manageable security and compliance requirements—and build expertise from there. A good example is development or testing where you can build the infrastructure and services to test out the environment without the risk of involving production data or processes. This can also help build confidence that the compliance policies are suitable for the task.
The ultimate goal is to take that journey to the cloud with confidence, without making the headlines for the wrong reasons.
To learn more about analytics in the cloud, I encourage you to follow the conversation at #CloudExperts or #BuiltForTheCloud, or reach out to your Teradata account executive.