Getting Your Thoughts and Data into the Cloud
As if IT professionals did not have enough to think about with supporting on premise applications, the emergence of the cloud (and the hype with it) has presented a new set of challenges for software, security and infrastructure professionals. Should our corporate application be migrated to the cloud? Not an easy question to answer especially as IT decision makers are still trying to understand what migrating to the cloud really means. In a series of MadronaSG Blog postings, we plan on exploring many of the factors facing IT professionals, but before we proceed too far, it is extremely important to first categorize the degree of data sensitivity for the data you may be targeting for migration into the cloud. After all it’s all about the data!
Data can be classified in a few ways such as Low Business Impact, Medium Business Impact or High Business Impact. An example of a Low Business Impact data transfer would be an email application which is in use today by you right now given you have a Gmail or Yahoo email account. Yes, the data may be sent over Secure Socket Layer but if the central database is hacked, then any email you sent could be exposed to techies with bad intent who could cause you or your company material or reputational loss. Hopefully, no one is insecurely sharing trade secrets or any High Business Impact data on those types of accounts. An example of High Business Impact data would be PII (Personally Identifiable Information) sourced from entities such as Human Resources, Hospitals or Financial Institutions. Medium is considered data that may have for example, partner company details but nothing related to PII or sensitive corporate data that could comprise you or your partners’ company.
Given the risk of putting sensitive data into the cloud (which appears to be one of the biggest speed bumps for cloud adoption), Corporate Security and Architecture teams need to be engaged immediately for their evaluation and feedback on the type of data being migrated. The application team will need to be ready to address how the data transfers will be secured over the internet, within the cloud and when at rest within the cloud itself. Be wary of the hybrid solutions that keep sensitive data On-Prem and Web / Business logic in the cloud…the data will definitely be more secure but as in everything in life, there is cost to doing so.