
BLOG: Banking on the public cloud

Steve Pate | June 14, 2013
When you go to the cloud, your data is in the hands of the provider. How can you protect your data though?

Data is not quite the same as money, but you understand the analogy. It took a while for banks to put the right processes, technology and regulations in place to build consumer confidence.

I believe cloud adoption will follow the same trend, and the payment card industry is on the right track. In the latest PCI DSS cloud guidelines, the authors talk about shared responsibility. Let's explore this a little more.

When you go to the cloud, your data is in the hands of the provider. Further, unlike money, data can be copied or exchanged, so you might not even know someone has accessed it, as long as you can get it back on demand. 

Can you protect it? Yes, you can. You encrypt your data within the virtual machine (VM) you rent from a CSP, making it safe from the time it leaves the VM, all the way through the hypervisor to whatever storage devices the data ultimately resides on. This is definitely something you can and should do.

There are still issues with the cloud. What happens if a CSP snapshots the VM to ensure availability? Well, this is a big issue since they now have access to the contents of memory that could contain anything - credit card information, health care information, etc. - in other words, potentially the family jewels. But this is also where shared responsibility comes into play. You can't do anything to protect any snapshot images taken, but the CSP can. They must encrypt and protect access to this data.

Now the final question remains ... who owns the keys? This is the hardest problem to solve. Should you hold the keys in your safe deposit box? Should the CSP hold the keys? What about the possibility for a 3rd party to hold the keys? All are realistic approaches if implemented correctly.

So will the cloud start to look like a set of large banks at some point in the future with multiple "savings accounts" and "safe deposit boxes?" 

I think the answer is yes.

If you want to avoid building out and maintaining racks of servers, and if you can be sure of the security of your data, the ability to spin up servers and applications in seconds and pay only for what you use is pretty appealing! 

 
