Why Your Data Security Policies Need to Span Multiple Clouds

By Pamela Kerman, Senior Manager, Strategic Marketing, NetApp

 

Is your organization storing its valuable information in multiple places, both on-premises and in the cloud? If so, you are not alone. IDC predicts that 65% of enterprise IT assets will be off site by 20181. IT operations will be spread across colocation sites, hosting partners, and cloud data centers. And one-third of all IT “staff” will actually be employees of third-party service providers. Data security used to be a serious challenge when all of your data was in one place. It’s now a multi-dimensional management nightmare for nearly every IT organization.

 

To further complicate matters, your organization is probably required to comply with an ever increasing set of industry regulations—and the policies needed to achieve compliance may be different for on-premises, private, and public clouds. A recent ESG study revealed that nearly half of all organizations are required to comply with at least one financial or healthcare industry regulation.

 

With which of the following corporate governance/government regulations is your business required to adhere?

 

King County in Washington State is one example of an organization that uses cloud storage services as an extension of its own data center. However, the county must also maintain compliance with a number of data security regulations, such as those related to the Health Insurance Portability and Accountability Act (HIPAA) and the Criminal Justice Information Services (CJIS) Security Policy. To meet these regulations, King County must implement and document security policies across the entire data lifecycle, which now spans from its on-premises IT systems to Amazon Web Services.

 

King County complies with its data security requirements by protecting all of its backup data, both in flight and at rest, using a cloud-integrated appliance that provides AES 256-bit encryption and Transport Layer Security (TLS). Encrypting all of its data enables the county to simplify compliance for those subsets of criminal and health records that are covered by government regulations. The solution also provides local key management that enables the county to comply with mandates that require it to maintain physical custody of the encryption keys.

 

Enabling Security for Your Hybrid Cloud

NetApp believes that hybrid clouds will be the dominant IT model for the foreseeable future, and securing data has emerged as one of the key challenges for this new model. However, today’s hybrid clouds are often built using a wide range of isolated, incompatible data silos. Every cloud provider has a different way to manage customers’ data, making it difficult to secure data as it moves from one cloud environment to another.

 

An approach that spans your entire data infrastructure is the only way to ensure data security across the enterprise. NetApp’s Data Fabric vision provides the control and choice you need to deploy consistent security policies across storage tiers that span multiple clouds. It provides visibility across flash, disk and cloud storage services so you can always make the best decisions about your data.

 

As part of our vision, we are committed to achieving the industry’s highest levels of data security validations. NetApp’s third-party security validations include:

  • The Federal Information Processing Standard (FIPS 140-2), a U.S. and Canadian co-sponsored security standard for hardware and software products that provides stringent third-party assurance of security claims for products sold in the U.S. and Canada.
  • Common Criteria , which provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous and repeatable manner at a level that is commensurate with the target environment for use.
  • Joint Interoperability Test Command (JITC) tests technologies that pertain to the multiple branches of the U.S. armed services and government. It is the premier test and evaluation organization in support of the Department of Defense.

 

Download the Whitepaper

Only a global approach to data management can secure your data—and your company’s reputation—in the hybrid cloud era. NetApp can help you maintain control and choice as you manage, secure, protect, and move your data across the hybrid cloud, no matter where it lives.

 

To learn more, download the Enterprise Strategy Group Security Whitepaper: NetApp Data Fabric and the Essential Data Security Controls for Hybrid Clouds.

 

IDC, IDC FutureScape Worldwide Cloud 2016 Predictions, November 4, 2015