Plan for Data Security

By Bill Humphrey  |  Posted 2010-07-20 Print this article Print

2. Plan for data security

According to a recent survey of CIOs, security technologies ranked in the Top 10 Technology Priorities in 2010. Many cloud-based platforms provide compliance for SAS 70 (Statement on Auditing Standards No. 70: Service Organizations). Consider whether the PCI DSS (Payment Card Industry Data Security Standard) and the FISMA (Federal Information Security Management Act of 2002) are also a concern for your organization. Since retrofitting industry standards on a project nearing completion can incur additional cost, avoid this by making sure cloud and integration platforms are aligned with key standards up-front.

Once compliance requirements are identified, start planning for data movement. In cloud-to-cloud integrations, security-sensitive data should not persist on the cloud platform. While creating and using an intermediate data set might seem appealing, it adds little value and increases security risk.

When one or more applications or processes are on-premises, the data will then have to be sent into the cloud. If data moves in near real time, record by record, you won't need to persist the data. But if you have periodic batch-like processes, you will need some method to securely persist that data.

Therefore, look for an integration platform with both a lightweight "agent" for on-premises connectivity and the ability to push data into the cloud. If business needs or restrictions require a workflow to ship a "file" up to the cloud, consider both encryption and a SFTP Server hosted in the company's DMZ area. If your policies allow, you can also directly expose an on-premises application to the cloud with your integration agent.

Bill Humphrey is a PMI-certified Project Management Professional with more than 10 years of industry programming and technical experience in various languages and platforms. Bill has in-depth understanding of multiple programming languages/interfaces and knowledge of various business cultures, practices and ethics worldwide. At Pervasive Software, Bill leads all technical client-facing teams in support of the company's integration projects. Bill is responsible for managing cloud-based and on-premises technical solution architecture as well as designing and documenting best practices for a range of integration scenarios. Prior to Pervasive, Bill worked for HP Enterprise Business (formerly EDS) where he led the technical claims processing for several NHIC Medicaid programs. Bill holds a Bachelor's degree in Computer Science and a Master's degree in International Business. He can be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel