Click here to close now.

Welcome!

Open Web Authors: Liz McMillan, Lori MacVittie, Gilad Parann-Nissany, Carmen Gonzalez, Mark R. Hinkle

Related Topics: Cloud Expo, SOA & WOA

Cloud Expo: Article

In the Rush to the Cloud, Don’t Forget About Data Governance

Migrations to the cloud are an extension of the operational perimeter of the business

Cloud computing has become an integrated part of IT strategy for companies in every sector of our economy. By 2012, IDC predicts that IT spending on cloud services will grow almost threefold to $42 billion. So it's no surprise that decision makers no longer wonder "if" they can benefit from cloud computing. Instead, the question being asked now is "how" best to leverage the cloud while keeping data and systems secure.

Data governance and compliance issues are typically the same whether information is in a private or public cloud environment or on-premise. That said, when organizations are considering moving business data to the cloud, a sound data governance approach must be in place to avoid costly data protection mistakes. At the heart of a sound data governance strategy is ensuring that only the right users have access to the right data at all times.

While the economic advantages of the cloud are compelling (the ability to quickly expand infrastructure to meet demand, low usage-based pricing and near infinite scalability), many organizations have yet to master data governance of their existing, in-house infrastructure. It's a bit like putting the cart before the horse. Against that backdrop, it should come as no surprise that cloud services can actually exacerbate existing data management and protection issues, adding a host of new concerns:

  • How do I enforce existing security policies and procedures when my data is in the cloud?
  • If my cloud provider is sued, can the suing party get access to my data?
  • How do I get access to full reporting that I need for my IT governance and compliance responsibilities?
  • How do I know what other data is in my cloud?
  • How do I know if my cloud is secure?
  • How do I automate access rights management in the cloud?

The Data Deluge Dilemma
Organizations have more digital data than ever before that must be continuously managed and protected in order for it to remain safe and retain its value. While data governance is often thought of more as a discipline than a technology, software can help companies implement data governance policies through automation, without disrupting existing business processes.

Concern about data governance has increased substantially over the past two decades, driven by the rapid growth in digital collaboration and an exponential increase in the amount of data that is created, shared, streamed and stored. Organizations now possess increasingly more information about their customers and partners - whether it's stored in a cloud environment or not - and failure to protect this data can be damaging. Partners and customers expect their information will be consistently protected before conducting business with a company. Therein lies the need for comprehensive data governance to manage and protect critical data, which has become a key issue for the cloud.

For years, IT has worked at capacity to manage and protect data manually as best it could - responding to authorization requests, migrating data, and cleaning up excessive access. Yet, despite this effort, IT has been falling further and further behind for the past 15 years. There is simply too much data being created too quickly to manage, protect and realize its full value without continuous, up-to-date information about the data: metadata.

Put simply, metadata is data about the data you hold in your organization. Use and analysis of metadata is already more common than we realize, and automated collection, storage, analysis and presentation of metadata will become a necessity not only for in-house data stores, but for cloud infrastructure as well.

Metadata frameworks for data governance from companies like Varonis non-intrusively collect critical information, generate metadata where existing metadata is lacking (e.g., file system filters and content inspection technologies), pre-process it, normalize it, analyze it, store it, and present it to IT administrators in an interactive, dynamic interface. Once data owners are identified, they are empowered to make informed authorization and permissions maintenance decisions through a web-based interface. In addition, data owners can do all of this on their own without IT overhead or manual back-end processes.

Those organizations that have learned to harness metadata to underpin their data governance practices will have a far greater chance of a extending those management and protection capabilities to the cloud, assuming that the cloud providers are equally metadata-capable.

Due Diligence in the Cloud
To coin a phrase from John Walker, Professor of Science & Technology, School of Computing & Informatics and member of ISACA Security Advisory Group: "You are not merely buying a cloud, you are choosing a partner and that choice has to be based on thorough due diligence. This process is essential. The most important barrier to the adoption of cloud computing is assurance - ‘how do I know if it's safe to trust the cloud provider?' With today's complex IT architectures and heavy reliance upon third-party providers, there has never been a greater demand for transparency and objective metrics for attestation."

Migrations to the cloud are an extension of the operational perimeter of the business. It is a partnership that joins on-premise business objects with those located in the extended perimeter of the cloud. Both are subject to the same access controls and policies. Any approach to utilize the cloud must be achieved in tandem with organizational controls to create a robust, contractually obligated partnership between client and provider - nothing short of this should be considered secure.

There is an urgent need to address security and compliance challenges associated with an organization's cloud initiatives. IDC research has found that security and compliance are among the top three challenges to cloud computing. Without adequate information on the security and compliance profile of the data, including its ownership, access controls, audits and classification, cloud initiatives can fall short of expectations and put sensitive data at risk. Understanding the data owners, authorized users and user activity is critical to garnering organizational input, which in turn, is critical to defining the security and compliance profile of the data for your internal datacenter and the cloud. CFOs and CIOs are hesitant, IDC says, to move critical data and processes into the cloud when there is still little visibility on access and ownership, traceability and data segregation. It is vital that organizations have data governance in order to provide secure collaboration and data protection for their customers, partners and employees. Without it, companies will find it virtually impossible to manage and protect digital information in the cloud or anywhere else.

More Stories By Wendy Yale

Wendy Yale leads marketing and brand development for Varonis’ global growth efforts. She is a veteran brand strategist with 16 years of marketing experience. Prior to Varonis, Wendy successfully managed the global integrated marketing communications team at Symantec. She joined Symantec from VERITAS, where she led the interactive media marketing team. Beginning her career as a freelance producer and writer, she has developed projects for organizations such as the University of Hawaii at Manoa, Film and Video Magazine, Aloha Airlines, the International Teleproduction Society and Unitel Video. Wendy has held senior posts at DMEC and ReplayTV, and holds a B.A. degree in Geography from Cal State Northridge. You can contact Wendy at [email protected]

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...
SYS-CON Events announced today that CodeFutures, a leading supplier of database performance tools, has been named a “Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. CodeFutures is an independent software vendor focused on providing tools that deliver database performance tools that increase productivity during database development and increase database performance and scalability during production.
The IoT market is projected to be $1.9 trillion tidal wave that’s bigger than the combined market for smartphones, tablets and PCs. While IoT is widely discussed, what not being talked about are the monetization opportunities that are created from ubiquitous connectivity and the ensuing avalanche of data. While we cannot foresee every service that the IoT will enable, we should future-proof operations by preparing to monetize them with extremely agile systems.
There’s Big Data, then there’s really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. Learn about IoT, Big Data and deployments processing massive data volumes from wearables, utilities and other machines.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Intelligent Systems Services will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Established in 1994, Intelligent Systems Services Inc. is located near Washington, DC, with representatives and partners nationwide. ISS’s well-established track record is based on the continuous pursuit of excellence in designing, implementing and supporting nationwide clients’ mission-critical systems. ISS has completed many successful projects in Healthcare, Commercial, Manufacturing, ...
PubNub on Monday has announced that it is partnering with IBM to bring its sophisticated real-time data streaming and messaging capabilities to Bluemix, IBM’s cloud development platform. “Today’s app and connected devices require an always-on connection, but building a secure, scalable solution from the ground up is time consuming, resource intensive, and error-prone,” said Todd Greene, CEO of PubNub. “PubNub enables web, mobile and IoT developers building apps on IBM Bluemix to quickly add scalable realtime functionality with minimal effort and cost.”
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com), moderated by Ashar Baig, Research Director, Cloud, at Gigaom Research, Nate Gordon, Director of T...
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities. In his session at @ThingsExpo, Gary Hall, Chief Technology Officer, Federal Defense at Cisco Systems, will break down the core capabilities of IoT in multiple settings and expand upon IoE for bo...
With several hundred implementations of IoT-enabled solutions in the past 12 months alone, this session will focus on experience over the art of the possible. Many can only imagine the most advanced telematics platform ever deployed, supporting millions of customers, producing tens of thousands events or GBs per trip, and hundreds of TBs per month. With the ability to support a billion sensor events per second, over 30PB of warm data for analytics, and hundreds of PBs for an data analytics archive, in his session at @ThingsExpo, Jim Kaskade, Vice President and General Manager, Big Data & Ana...
For years, we’ve relied too heavily on individual network functions or simplistic cloud controllers. However, they are no longer enough for today’s modern cloud data center. Businesses need a comprehensive platform architecture in order to deliver a complete networking suite for IoT environment based on OpenStack. In his session at @ThingsExpo, Dhiraj Sehgal from PLUMgrid will discuss what a holistic networking solution should really entail, and how to build a complete platform that is scalable, secure, agile and automated.
We’re no longer looking to the future for the IoT wave. It’s no longer a distant dream but a reality that has arrived. It’s now time to make sure the industry is in alignment to meet the IoT growing pains – cooperate and collaborate as well as innovate. In his session at @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, will examine the key ingredients to IoT success and identify solutions to challenges the industry is facing. The deep industry expertise behind this presentation will provide attendees with a leading edge view of rapidly emerging IoT oppor...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...