Chemical World - September 2012

Page 66

TIPS & TRICKS Cloud computing

Right steps to ensure security and data privacy in an organisation Most chemical companies are still at an early stage in their adoption and usage of cloud computing. The cloud environment offers enormous advantages that vary from lower costs to massive scalability, but it has also presented daunting security risks, especially as sensitive data moves beyond an organisation’s firewall.

V

arious surveys tell us that security and data privacy remain prime concerns for cloud implementers in all industries. The fear of their data being ‘in the cloud’ is often the greatest hurdle that leaders must overcome to build trust and gain the benefits from cloud computing. Chief Information Officers (CIOs) are concerned that their data could be stolen or compromised by hackers; mixed with data from their cloud providers’ other customers; or released by mistake. Any of the above could expose companies to compensation claims, public embarrassment, lawsuits and ‘brand damage’. Given below are some useful guidelines to follow when implementing cloud computing in an organisation.

Many companies have s p e c i fi c challenges in areas of security and data privacy. Their existing IT estates consist of highly fragmented landscapes of security and data privacy approaches and policies taken across different departments. This in turn involves a lot of risk and cost. The move to cloud computing (to drive more consistency and automation in security and data privacy) may actually provide a catalyst for driving greater security and reduced costs. Fo r chemical organisations, the major secur it y concern is usually around their R&D and the distinctive intellectual property that they create, effectively the ‘crown jewels’ of their

1

2

66

Chemical World | September 2012

businesses. Other industries have different concern areas, such as customer financial data in financial services. It is also important that as companies choose cloud service providers, they include security and data privacy capabilities as a major part of the selection criteria. The key to understanding security in cloud computing is to realise that the technology is not a break with the past. Instead it represents the logical next step in the outsourcing of commodity services to many of the same trusted IT providers that have been leaders in the field for years. It is essential to work with your provider to determine its attention to security, privacy and compliance with data laws in all relevant jurisdictions. Make sure the provider can achieve parity with or better levels of security, privacy and compliance with laws than you have today. Remember that the security of the cloud should be equal to the most risky client that is serviced by the provider. R i g o ro u s risk assessment is a complex undertaking that represents the key to effective security in the cloud. It is essential that your cloud computing partner provides you with its risk assessment and how it intends to mitigate any issues found.

3

4

5 6

If the cloud provider does not have a seasoned privacy officer and a clientfacing chief information security officer or equivalent security role, be careful. It is a sign that the provider may not take security seriously enough. S c h e d u l e mandatory monthly discussions with the cloud provider’s top privacy and security people. This discussion should flow both ways with no hidden items. The cloud provider should have the ability to map its policy and procedures to any security mandate or security/privacy/compliance-driven contractual obligation you face. Pay attention to your cloud provider’s adherence to secure coding practices. It is imperative for enterprises embracing cloud computing to not only monitor and enforce controls such as ‘who is the user’ and ‘what is the user allowed to access in a cloud environment’ but also to ensure that such compliance is cost-effective and sustainable in the long term.

7 8 9

10

* This article is based on the excerpts of the report ‘Six questions every executive in the chemicals industry should ask about cloud computing’ by Accenture Courtesy: Accenture Email: rakesh.rao@network18publishing.com

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.