Separating the hype from "how to" from Hitachi Data Systems

Hitachi Data Systems has identified seven areas of cloud security concern:

Lack of common standards to apply across entire IT infrastructure

Data leakage due to inadvertent exposure

Accountability

Access and control over sensitive data

Access and control over business processes

Compliance regulations, including data retention, chain of custody, e-discovery, etc.

High costs to recover from data breach, data loss or malicious activity

And, in examining the drivers for cloud security, they are consistent with drivers for storage security:

Compliance with external regulations: data retention, secure transactions, data preservation and

sanitization, and protection of personally identifiable information

Compliance with internal and corporate mandates, finance and human resources policies, and

protection of intellectual property

Protection of IT infrastructure

Defense of company brands and customer retention

These areas of risk in the storage ecosystem are the reasons why enterprise organizations must

remain stalwart in their data security strategies. Data continues to be the most valuable asset of any

company and where the most exposure resides. It is important when moving to cloud, to be sure

that security extends to storage management tools and the layers of the infrastructure upon which

the cloud sets.

IT managers may be reluctant to hand over data and services to a third party because of the lack of

visibility; they may not know if there is proper segregation from other tenant data and what secu-

rity protocols are in place for the physicality of the cloud, including both the infrastructure and the

housing facility. Inquire whether the cloud provider is capable of performing functionality such as

encryption, masking, immutability and shredding if those will be required to meet SLAs and security

needs. For legal services in the cloud, such as e-discovery and sustaining the chain of custody,

the organization needs to ensure that the cloud environment will not impact or change these. Also,

having audit logs readily available and tamperproof is essential, as is the ability for employees of the

security vendor or cloud provider to make unauthorized changes.

More in-depth analysis on security as it pertains to cloud computing is outside the scope of this

paper. Monitor the Hitachi Data Systems website and other cloud security organizations to stay

abreast of developing progress.

How Cloud Addresses Changing Storage Needs

Knowing what type of cloud to deploy and at what time can lead to highly efficient storage manage-

ment for the enterprise. Cloud offers the advantages most desired in an agile data delivery model,

including:

Ease of deployment

High levels of automation