Cloud entry strategy has been top of mind in IT organizations for years. Now that the industry has reached a level of maturity—with multiple players and offerings—the need for an exit strategy has emerged. Fredrik Forslund is the director of cloud and data center erasure solutions at Blancco Technology Group, which provides thousands of organizations with secure data erasure solutions. He recently sat down for a Q&A with IT Innovators to discuss the importance of plotting your exit before entering the cloud; a topic he will elaborate on at the upcoming Data Storage Innovation Conference in June.
The most common event is simply that you have increased competition in the market and you want to change your service provider because you feel that you can get a better offering somewhere else. Another event is structural changes. For example, you might be acquiring companies or you might be acquired or divesting part of your company. And then there are geographical concerns. Specific nations might have legislation in place that says certain data cannot leave geographical boundaries, and if something changes in that sense, overnight or over a transition period, you might be forced to exit one cloud service provider and move to another in a different geographic location. I think we’re going to see more of that going forward.
What are the risks associated with moving data?
First of all, you need to make sure that the actual transmission of data is done in a secure way, usually some form of encryption is used for that transmission. When you have confirmed that data is securely operational in the new location, you must remember to take care of your previous location. That’s where data erasure often comes in as a mandatory requirement. Today, you have specific known malware that can penetrate networks and get access to different hosting environments. As an attack, the malware will start recovering previously left behind data that has just been deleted, which is not the same thing as securely erased.
You’ll find a number of different maturity levels when it comes to providers. Some providers design their infrastructure, their architecture, everything, with security as their number one priority. Other providers might be giving priority to the lowest possible price—they might have some level of security, but compared to others, they might have big differences. So you need to understand what you are after when you are looking for your preferred cloud service provider.
How can risks be managed?
It comes down to traditional management procedures.