In a Q&A with Information Age, Fredrik Forslund — VP Enterprise & Cloud Erasure Solutions at Blancco — discusses key considerations behind cloud migration, managing data and its lifecycle, having a cloud exit strategy and how organisations can avoid vendor lock-in.
What key considerations should be made ahead of cloud migration?
One of the biggest challenges for today’s businesses is understanding the data in their possession. Ahead of cloud migration, the key thing for enterprises to consider is how they can develop that understanding. Businesses can start by being clear on what is being moved to the cloud. A lot of organisations hoard large amounts of data for fear of what else to do with it, but what they need to be considering is how they can manage that data throughout its lifecycle.
Cloud migration best practice advice — a CTO guide
Put a process in place to regularly review data to assess its value to the business, classify what data should and shouldn’t be saved, and then irreversibly and permanently remove any unnecessary data. The issue with moving and keeping all data is that it is not only costly to store, but it is increasing the surface for potential attacks which can have a potentially catastrophic effect on bottom lines.
How can organisations best manage data and its lifecycle?
The process of regularly reviewing and evaluating data, alongside proper data sanitisation – the deliberate and permanent erasure of data – is one of the primary ways all organisations should be managing data and its lifecycle. Internal screening can help an organisation establish a consensus on the value of data and its perceived longevity. Continued analysis is of paramount importance in data lifecycle management. A digital audit trail is another great way for organisations to manage data effectively, as it ensures data is always accounted for at each step of its journey. GDPR has made accountability far more significant and should data become lost or stolen and can not be accounted for, then rest assured there will be consequences.
Is it important to have a clear cloud exit strategy?
Ahead of your journey to the cloud, it’s important to consider how that journey might end. The cloud market is hugely competitive and changing quickly with the likes of Amazon and Microsoft pumping a lot of money into cloud-based services. It’s not uncommon for an enterprise to change its cloud provider either. Key things to consider are can the cloud provider ensure all sensitive data will be erased upon exit? Can they guarantee proper sanitisation of that data? And importantly have you put in place an audit trail to account for any data that was stored via that cloud provider? Some organisations may never have to employ their data exit strategy but it’s important to have one as it creates that extra all-important layer of security.
Migrating to the Cloud – how to move seamlessly
How can organisations avoid cloud vendor lock-in?
To avoid cloud vendor lock-in, businesses need to be extremely diligent when reviewing the contractual part of their agreement with the cloud vendor, as many cloud vendors will have very different contracting structures. Be sure to review exactly what service is being bought, along with carefully considering how you will “enter” into that cloud service and how you can ‘exit’.
If businesses neglect to consider a cloud entry and exit strategy, then the chance of being locked in is elevated. Once the business is happy with the contract and has established a link to how it can enter and exit, the cloud vendor should also demonstrate that they can deliver on that promise. If the business wishes to terminate its contract in two years to perhaps go back to on prem or join another cloud provider, how exactly will that be achieved. The important thing is to always ensure your business is prepared, as preparing for different scenarios will not only help to avoid cloud vendor lock in, but it will be key in any businesses data security efforts.
Is it important to think about what will happen to redundant hardware and the information stored on it?
You might have heard people talk about the ‘security threats that lurk in the cupboards’.
Essentially, decommissioning old hardware does not keep the information stored on it safe. If that piece of hardware becomes lost or stolen and cannot be accounted for, then it represents a serious threat to security.
Proper data sanitisation and erasure methods are therefore crucial. Some organisations might choose to physically destroy old hardware, but this type of process does not often involve a digital audit trail and therefore data is not necessarily well managed throughout its lifecycle. Physical destruction can also be very costly not just to business revenues but also in terms of an environmental impact.