“[Hybrid cloud is] definitely a way we’re doing business for now and forever because there are some companies where regulations require that they keep things local, that they can’t put everything on the cloud,” said Dean Webb, forum administrator, Networking-Forum.com in our conversation at the 2016 Security BSides Las Vegas conference.
For example, retention laws in Italy require data be stored on a tape, said Webb. You can’t do that in the cloud. While tape is being phased out for many storage set-ups, requirements may keep it around for a while.
Regulations or not “there’s always going to be an executive who says, ‘I feel more comfortable with that data stored locally,’” said Webb.
Much of this feeling is made by gut, and often by non-technical people. But that doesn’t necessarily mean it’s wrong. Webb spoke about understanding that feeling while at the same time trying to broaden understanding that it’s OK for your data to live somewhere else. He likened it to wanting your kids to be at home, but then again you send the kids to school. He said that school is just a cloud for kids.
But when data goes to the cloud, there are understandably many concerns one has about what level of access others you don’t know nor manage have to your materials.
There are so many questions, said Webb, such as, who owns the infrastructure that my data is stored on and what can they do to it? What level of power do I have to enforce my rules on data usage? Can I impose a penalty on a cloud provider?
If someone within your own organization accesses data inappropriately, you could fire that person. You don’t have the same access or insight into the employees at your cloud provider, said Webb.
Ultimately, regulatory requirements are going to keep the private and hybrid cloud around for a long time. There are some companies and some organizations that simply will never be able to go to the public cloud.
“I think legal teams need to be more up to speed on this technology so that way they’re able to say the right things and make the right entries and the right clauses to ensure that we have done this right so we can say we feel just as comfortable with the cloud as we do the local network and the only hindrance would be a legal requirement to keep data stored here rather than there,” said Webb.