Don't bring your bad security habits to the cloud

Data consolidation in public clouds is all the rage these days, for good reason. You typically have data scattered all over the place in your enterprise, and relocating to the cloud means you can finally get what data experts like to call a “single source of truth.”

Even better, big data technology is native to most public clouds, including Amazon Web Services, Google, and Microsoft. Thus, you can not only centralize on a public cloud platform, but do big data management as well.

However, I often find that data security has been an afterthought in cloud migrations. Although enterprises may have encrypted some data, especially where the law requires encryption, they don’t encrypt most of their data. Moreover, even if the data is encrypted at rest (when it’s in a virtual storage system), it’s usually not encrypted in flight (when the data is moving from place to place).

Another issue involves the granularity of the data security: the ability to turn off access to objects, rows, attributes, fields, or whatever logical unit your data is stored in, to meet the exact security needs of an application. Typically, access is an all-or-nothing proposition, so you get situations such as the shipping clerks having access to the HR data, if they know what they are doing.