According to recent Business Technographics data, half of US enterprise technology management professionals report that there is 1.) no way to gain a single view of status and availability across their portfolio of cloud services, 2.) that they don’t have a clear way to assess the risk of using a third-party public as-a-service offering, and/or 3.) that they have no way to manage how providers handle their data.
An interesting debate is ensuing regarding how to best protect cloud data, given the market landscape. So far two modalities are emerging:
·A. Inserting in-line encryption between the enterprise and the SaaS provider that encrypts and/or tokenizes all data before it goes to the cloud to ensure safety interoperating within public cloud systems.
·B. The human-firewall model, in which IT closely monitors activity with context/content analytics and anomaly detection tools.
The truth lies somewhere between the two. By carefully applying Forrester’s data security and control framework, clients should incrementally encrypt data deemed sensitive to compliance or regulation, such as credit card and Social Security numbers, and closely monitor all activity across users and cloud applications.