The growth in popularity of web-based applications like social networking sites and even cloud computing software like Google Docs has raised more and more questions concerning security requirements. Particularly when it comes to the use of virtual and cloud environments for sensitive data hosting, rather than use of local data centres - does data protection now demand a new approach?
Data protection schemes should always pursue pre-emptive tactics. In fact, nowadays it’s an essential requirement for security control systems to detect and prevent hacking attempts in real time. Otherwise, for a company that primarily does its business over the internet, data damage, information leakage or loss of data integrity might be unrecoverable.
What security issues will you face?
There's always a danger of unauthorised data access (which could involve reading, modifying or even deleting the data) if you're using a hosted application where you can’t control your hosting media. The major difference between the old approach (using your own local data centres) and the new approach (in the cloud) is that you have to put in extra 'smart' protection and detection mechanisms, such as:
- Logic in your system that will watch for massive data changes
- Logic that watches for unusual mass data retrieval
- Geo-checks for an authenticated user (for example, if the user is assigned to your Bristol branch and has no roaming option activated, but their IP tracks back to London)
Make sure your system will (semi-)automatically block suspicious users and notify your system administrators. Having the system in your own data centre allows you to implement physical control of data access, checking smartcard IDs, fingerprints and even retina scans, so user authenticity is trustworthy. With a hosted application all you can do is ensure that you run as many logical checks as possible and, if something goes wrong, you detect the problem at an early stage.
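The three checks listed above, run over a small audit trail, as an added example that is not code from the original article. The thresholds, event fields, user names and the `detect` and `notify_admins` helpers are assumptions made for illustration, and the audit events are constructed sample data.

```python
from collections import defaultdict

# Assumed thresholds (rows per user per sliding window); tune to your own baseline.
WINDOW_SECONDS = 300
MAX_ROWS_READ = 1000
MAX_ROWS_CHANGED = 200

# Constructed user profiles: assigned branch and whether roaming is activated.
PROFILES = {
    "alice": {"branch": "Bristol", "roaming": False},
    "bob": {"branch": "Bristol", "roaming": True},
    "carol": {"branch": "London", "roaming": False},
    "dave": {"branch": "Bristol", "roaming": False},
}

# Constructed audit events: (epoch seconds, user, action, rows affected, geo-IP city).
EVENTS = [
    (1000, "alice", "read", 20, "London"),    # Bristol user, no roaming, London IP
    (1010, "bob", "read", 400, "London"),     # roaming allowed, so location is fine
    (1060, "bob", "read", 450, "London"),
    (1120, "bob", "read", 300, "London"),     # 1150 rows read inside 5 minutes
    (1200, "carol", "update", 150, "London"),
    (1300, "carol", "delete", 150, "London"), # 300 rows changed inside 5 minutes
    (1400, "dave", "read", 50, "Bristol"),    # normal activity, must not be flagged
]

def detect(events, profiles):
    """Return {user: sorted list of reasons} for users that should be blocked."""
    history = defaultdict(list)   # (user, kind) -> [(ts, rows)] inside the window
    flagged = defaultdict(set)
    for ts, user, action, rows, city in sorted(events):
        profile = profiles.get(user)
        if profile is None:
            flagged[user].add("unknown_user")
            continue
        if city != profile["branch"] and not profile["roaming"]:
            flagged[user].add("geo_mismatch")
        kind = "read" if action == "read" else "change"
        window = history[(user, kind)]
        window[:] = [e for e in window if ts - e[0] < WINDOW_SECONDS] + [(ts, rows)]
        total = sum(r for _, r in window)
        limit = MAX_ROWS_READ if kind == "read" else MAX_ROWS_CHANGED
        if total > limit:
            flagged[user].add("mass_retrieval" if kind == "read" else "mass_change")
    return {user: sorted(reasons) for user, reasons in flagged.items()}

def notify_admins(alerts):
    """Stand-in for the block-and-notify step; returns the messages it would send."""
    return [f"BLOCK {u}: {', '.join(r)}" for u, r in sorted(alerts.items())]
```

The sliding window matters: the same 300 changed rows spread over more than five minutes would stay under the limit, which is why the thresholds have to be set against each user's normal workload.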
Hosted software solutions
More and more companies are taking the decision to migrate customer management and basic planning systems from their own data centres to leased web platforms. These offer web-based access to corporate databases and management applications. Usually, they take advantage of cloud structures. While a cloud structure has a long list of benefits (there must be a good reason why more and more companies are moving data out of their data centres), there are still disadvantages.
The major disadvantage is (even if it surprises you) the same as its major advantage: 'Software as a Service' means that every single client uses exactly the same set of software applications, which incorporate the same logical principles, procedures and algorithms. In a word, they're generic. They offer the same ideas to different clients: every client uses the same authorization schemes, data integrity checks, credential validations, etc.
For some companies, these solutions are way ahead of the old software they used in local data centres: more useful, more flexible and more secure. For other companies with specific security requirements, these ‘generic’ ideas are not enough to offer sufficient levels of access protection and they can't deal with the security risks. In that case, SaaS will definitely restrict how you can organize data access authorization, which is something you can’t control.
There are lots of pros and cons to weigh when choosing the right way for your company’s IT infrastructure development; you just need to summarize them and choose the right one:
- Define the weak and strong sides of using your own data centre and compare them against the same set of criteria for a virtual/cloud hosted system.
- Define security risks you have in your data centre and compare them against the security threats for a hosted platform.
- Based on the previous list, make two lists: ‘Absolutely required’ and ‘Wish list’ for your security requirements; find a platform provider that will perfectly fit your needs.
Vitaly Yakovlev is the IT manager at online tailoring company A Suit That Fits.