As the shift to home working has become standard for businesses globally, cloud is king. The pandemic, ensuing lockdowns and office closures increased the urgency at which enterprises needed to evolve, and the cloud has been a key enabler of that. Enterprises have undergone years’ worth of transformation in a matter of months, to become reliant on service delivery models hosted on cloud infrastructure.
Cloud providers have subsequently stepped up to bear the brunt of a transformed landscape. According to a recent IDC Survey Spotlight looking at the impact of COVID-19 on IT spending, more than a third of businesses are planning to move to the cloud more aggressively. We’re even seeing businesses who were opposed to the idea, embracing it. And we’re seeing businesses set out their stall in the ‘new normal’. Google will conduct all of its interviews on Hangouts, legal discussions are happening remotely. Telehealth is finally here too – and working to effect in cities and towns across the UK.
As COVID-19 has accelerated the move from a ‘cloud first’ to a ‘cloud now’ approach, the adoption curve is set to be compressed from decades to just a few years. And for many enterprises, without the opportunity to migrate much of the business to the cloud, they could now be looking at a very different reality. But as the approach becomes standard, enterprises need to ask the question, what about our data?
Understand what the organisation needs to take with it
There’s no shying away from the fact that change has come at every organisation and fast. And enterprises need to be mindful of their data when restructuring both operationally and culturally in response to change, as the risk of complacent handling of data is likely heightened. A critical decision ahead of any enterprise’s migration to the cloud is to comprehensively evaluate the data in its possession, assess its real business value and make decisions about what needs to be kept, and what needs to be appropriately sanitised.
The process of assessing data ahead of a cloud migration is a practice that any enterprise with vast data lakes should be carrying out as standard. It’s a basic hygiene factor that helps organisations stay on top of their data management practices and helps strengthen security. It’s crucial that the enterprise does not unnecessarily store data that no longer holds any value to the business. What this regular assessment of data presents is an opportunity for the enterprise to employ proper methods of data classification; categorising and organising data to ensure its most effective and efficient use and getting rid of redundant, obsolete or trivial (ROT) data.
Classification of data encourages enterprises to make decisions about what data should be saved, and what data should be sanitised. Why is this so important? Proper understanding of your data guarantees that it is always accounted for, ensuring compliance with regulations and risk mitigation. Furthermore, sanitisation and the erasure of unused data will ultimately save money. If you have less data to store, then you’ll have less storage to pay for.
Another practice that helps in reaching a conclusion on what data to move is to have a strong understanding of your data’s lifecycle. Enterprises can orchestrate a step-by-step approach of internal screening to garner a consensus on the perceived longevity and future use of data. Close, continued analysis of the value of data will give an idea of its lifecycle and ultimately contributes to cost savings.
Your cloud exit strategy is just as important
It’s important to think about where the journey might end before embarking on a cloud migration. The cloud market is competitive – and changes rapidly. It’s common for enterprises to restructure and shift providers, but at this point it’s crucial to have their data house in order.
Questions the enterprise should ask itself are: Can I ensure that all sensitive data will be properly erased when switching providers? Does my cloud provider have the means to sanitise that data? Do I have a full record and audit trail of all data that was stored with that provider? If all goes well, a company may never have to implement its data exit strategy. But it’s important to be prepared – and this contingency provides an additional security measure.
Redundant hardware – a risk lurking in the closet
Sometimes companies are so enthusiastic about a move to the cloud, they jump in, feet first with a full transition. And with the global health crisis urging so many enterprises to act fast, this is likely the case for a significant number of businesses. Typically, these companies take a hybrid approach to cloud services, storing data both on premise and off. In some instances, this is the best option as it provides full flexibility, but with so many employees now working remotely, the switch entirely to a public cloud for improved accessibility is likely to be the preferred option.
However, it’s crucial to think about the redundant hardware that the enterprise will be left with onsite. It’s just as important to handle this hardware with the similar thorough and rigorous processes you have in place for handling data. Data sanitisation is critical in this instance, to prevent any duplication of data on old systems and to mitigate the risk that decommissioned machines can represent. It is also crucial that any device or server that is retired from use is accounted for, to reduce the risk of a security breach if a piece of hardware is lost or stolen.
Sanitising redundant hardware not only reduces its potential security risk, but also prepares it for reprocessing and resale on the secondary market. The global e-waste crisis is reaching a tipping point and organisations need to rethink how they handle electronics at end-of-life. Giving them a new life in the secondary market is a key way of reducing both the environmental impact and unlocking the latent value of used devices.
Data management best practice is about the journey
The switch to the cloud is a key milestone in an enterprise’s digital transformation journey. But migrating data to the cloud does not remove the onus on the enterprise to regularly uphold data management best practice. Securing data is not a tick box exercise, but a journey and one that can be made simple by basic data security hygiene.
Keeping an audit trail of when data moves from your private legacy infrastructure into the cloud is one of the better ways to maintain a reviewal process and stay on top of your data. Data should be accounted for at every step of its journey. Constantly monitoring the data lifecycle will help to continually understand its value to the organisation. These processes are basic hygiene factors that should be implemented in a business’s data security strategy from the outset of acquiring a piece of data, especially to ensure regulatory compliance.
Enterprises have had to adapt to unprecedented situations in response to the pandemic. While migrating to the cloud might be a saving grace for many, there are significant considerations to make, to ensure ducks are in order and to avoid the regulatory repercussions from data mismanagement. Globally we operate in a data economy and getting the most value out of that data is an essential criterion for success. But cloud is not a panacea, and data management best practices will need to be well communicated and policies implemented to make the most out the cloud migration and ultimately mitigate risk.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.