With the advance of both cloud computing and big data, they are often seen as a perfect match. Big data needs a flexible computer environment that can be scaled up quickly and automatically to support the large amounts of data. Cloud based infrastructure provides exactly that. But whenever cloud computing is being discussed and given the many recently publicised data breaches, the question is often asked:
What about cloud security?
If you are facing this issue, here are four points to consider that will help to ensure your cloud data implementation is as secure as possible:
Encrypt sensitive data
Data encryption is the process that creates the “virtual walls” for your cloud infrastructure. So using cloud encryption can be considered as a fundamental first step, but there is no perfect solution unfortunately. Some encryption solutions require an on-site gateway for the encryption, which does not always work well in cloud big-data projects.
Other approaches such as data encryption powered by the cloud provider itself require you to trust someone else with the encryption keys, which can be both risky and lead to non-compliance with many security protocols.
Split-key encryption techniques are a more recent option and are tailored specifically to the cloud. They use the best of both worlds by providing an infrastructure cloud solution while keeping the encryption keys safe and in your own hands.
Your cloud security solution must be scalable
You will lose the advantage of cloud scalability if your security solution isn’t as flexible as other components of the architecture. When choosing a cloud security solution, make sure it is available across all relevant cloud geo-locations.
This means that hardware shouldn’t be involved. Hardware Security Modules (HSMs) do not fit the big data ideal because of their inability to scale to fit a cloud model. Ideally you need to use a cloud security solution that is designed for the cloud and achieves security that is comparable to hardware-based options.
Automate as much as possible
Using hardware (as mentioned above) is inherently a non-automated solution, so to be able to automate, you should be looking for a “virtual” appliance based approach, not a hardware based approach.
Do not compromise on data security
Because cloud security is often a complicated issue, security shortcuts can sometimes be found in big data implementations. They are usually taken to avoid complexity and maintain the big data architecture but this in itself defeats the object of having a secure environment.
Typical examples may be using the wrong encryption tools, while others simply do not encrypt at all. These shortcuts are easy enough themselves to implement but they are also not secure.
When it comes to big data security, divide your data according to its sensitivity and protect it accordingly. You can apply the highest levels to that data that is highly sensitive and for which you require full compliance. Lower levels of security and hence simpler implementations can then be used for non-sensitive data.
What should you do about cloud security?
Careful planning of encryption techniques and scalability from the outset will ensure that your system is both more secure and easier to manage for the future. Taking short-cuts will lead to problems and possible security breaches. If you would like to discuss your system’s cloud security please get in touch.