Calamu: The Next Generation of Data Protection
Cloud computing has dominated the IT agenda thanks to its indispensability, which cannot be overstated. Since its advent, organisations have enjoyed maximal storage complemented by minimal costs and minimal management. Cloud is also much more flexible and, for many businesses today, has proven to be a lifeline while operating in lockdown.
Essentially, cloud is many great things: cost-effective, scalable, and a great asset for business continuity. However, one thing cloud is not is perfect, and often, organisations find themselves struggling to fully trust it.
When businesses make the transition to cloud, they have to relinquish control to a third party, which can be quite worrisome for IT personnel. Pre-cloud, companies took comfort in doing things their own way and on-premise. Of course, with cloud in tow, IT can no longer keep an eye on assets from within the office walls.
This can be a great source of unease for businesses. Security and governance have always been top concerns, but climbing penalty costs and increasingly stringent regulations are exacerbating worries further.
Despite this, all signs still point to the cloud, which has become non-negotiable for organisations today. Given that it’s going nowhere, businesses would do well to consider how they can build trust in the cloud and, in turn, embrace it.
The case for consistent security and governance
Firstly, Ana outlined how ensuring consistent security and governance across the data lifecycle could be invaluable to bolstering a business’s cloud confidence. With consistent security, companies can ensure that they have ‘no weak links in the chain’, and instead can be sure that connections are seamless between each other. Consistent governance, on the other hand, refers to knowing what your data is, as well as what is happening to it at every step.
Businesses pull at their data from all directions. From the moment the data is born, it’s moved around, enriched, and expanded while being taken through various motions: real-time analytics, reporting, machine learning, and so on. Ana outlines that by applying consistent security, you can ensure that there are no weak links in the chain, while also taking comfort in knowing that the connections are seamless between each other.
Better still, consistent security and governance reinforces regulatory compliance. In particular, organisations that are consistent in their security approaches find it easier to comply with regulations, as well as prove their compliance through the right governance processes. As an added bonus, both money and time are freed up in the compliance effort.
Another advantage, albeit less obvious, is the improved usability for application developers and users of data. Most often, usability isn’t front of mind. Ana tells us that “people either forget about it, or they don’t see it as a direct benefit of implementing security.” She explains that attitudes towards security often position it as preventative, hindering people from carrying out the tasks they would like to do.
However, if a business has good, consistent security across all of its activities, this can be particularly advantageous for its teams. Ana shared the example of application developers: they will have a set of design principles and technology practices that make it easier for them to get started with a new use case. They also make it easier to take that use case to production because “if you don’t bake security into your design process, you actually have to retrofit it when you’re trying to take it live and into production – and that is a huge, lengthy process.” By considering security first (or in other words, taking a security-by-design approach), application developers will find their lives are made much easier in the long run.
From a user perspective, consistent security means they can enjoy uninterrupted access by only needing to log in once to interact with every stage of the data lifecycle. What’s more, it also makes it much easier for users to get to the data they need when they need it, which ultimately means they can do their jobs better and more quickly.
Furthermore, if an organisation’s data is properly documented and catalogued, it becomes much easier to know what data is available to you and what it means. What’s more, individuals can rest assured that they are only accessing the data they are allowed to, and only doing what they are allowed to do with it. As Ana joked, with the right measures, “there’s no danger of accidentally getting yourself fired!”.
Above all, however, consistent security and governance ensures that all activities are properly audited and that the lineage is tracked, making it easier to prove in an audit. Not only that, but it also takes the strain off the governance team by enabling them to know what everybody is doing without needing them to declare it first.
To sum up its benefits, Ana concluded that “the experience as a user and developer is much more pleasurable if you have that security and governance. That’s basically the key advantage.”
In open standards we trust
In the latest EM360 podcast with Cloudera, Jan Kunigk, CTO EMEA, introduced us to open standards, which are also instrumental in building trust in cloud. Firstly, some background: open standards refers to principles that provide developers and vendors with the specifications to ensure interoperability, maximise developer productivity, minimise total cost of ownership, and vanquish vendor lock-in. Popular open standards that we use every day include HTML, IP, and PDF – it doesn’t matter which hardware or software you use, thanks to open standards, these are always accessible.
Open standards are available to any vendor, big or small. They are also free of charge, as well as free of intellectual property restrictions. Given the collaborative and open nature of them, they have been revolutionary in the cloud arena.
Historically, businesses have been subject to cloud vendor lock-in and, as the term suggests, have had no way out (well, not without spending serious time and money anyway). Lock-in arises namely when interoperability and compatibility are lacking between systems and solutions, but it can also be due to a lack of transferability of data and information.
The implications of being trapped by a cloud service provider (CSP) are significant. For instance, businesses locked into vendors would have to work within their predefined parameters, rather than making the technology work for them.
In another scenario, a CSP may unexpectedly hike up the price when renewing a contract, or they may decide that they are going to close up shop. Worse still, a business may learn that their CSP provider doesn’t work for them, but only after making the upfront investment. Then, of course, there’s always the possibility of a CSP and customer dispute, which is a lock-in that neither party would want to be a part of!
As a result of proprietary dominance in their cloud endeavours, many a business has been left with a bitter taste in its mouth. However, open standards has turned that narrative on its head by making vendor lock-in a thing of the past.
Since the introduction of open standards in the cloud arena, CSPs have had to offer them alongside their proprietary technologies so as to remain competitive. This in turn eliminates the chance of a lock-in. Furthermore, given that open standards drive interoperability, businesses can navigate much more freely and without being subject to lock-in.
Open standards also promote choice, particularly for off-the-shelf workflows and integration tools. Businesses can more easily integrate their business systems and supporting infrastructures, and in turn, can enjoy increased agility.
In terms of costs, open standards keep it at a minimum by reducing the number of tools required to support an environment. They also alleviate vendor licence costs, as well as forced upgrades, enabling companies to rid the possibility of expensive surprises.
Above all, having global or industry-wide standards builds trust in technology. Open standards are also subject to reviews in the event of new policies or discovery of errors, which can contribute for greater peace of mind in cloud endeavours.