Wednesday, May 05, 2010

The Changing Landscape of Information Access

Helping Businesses Make Wise Choices

Every business using technology should recognize that the rules regarding information security are changing.

Conceptually, cloud computing creates new challenges for information security professionals, because sensitive information may no longer reside on dedicated hardware. Where physical security was once a primary element of data access, virtualized services and remote accessibility have redirected the discussion to more ethereal areas.

How can enterprises protect their most sensitive data in the rapidly-evolving world of shared computing resources? Vulnerabilities have been found in the cloud and software-as-a-service models, raising the question of cloud computing's impact on security and the steps that will be required to protect data in cloud environments. Particularly when it comes to integration of services and data sharing amongst cloud solution providers, who, exactly, is in control?

While the concepts of centralized processing, shared computing resources, and subscription-based services are not at all new, many of the technologies being applied today are new. When we consider the fact that new vulnerabilities are still being discovered in older software and systems, why would we assume that new cloud computing tools and services would be immune?

Cloud computing and software-as-a-service technology models often shelter the user from the realities of the systems (hardware, software, networking, etc.) that comprise the service. Before investing your business in a fully cloud-based solution, make certain that you fully understand your risks and how they might be mitigated.

As Sun Tzu wrote in the Art of War,  " If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."

Make Sense?