Plan for Data Security
2. Plan for data security
According to a recent survey of CIOs, security technologies ranked in the Top 10 Technology Priorities in 2010. Many cloud-based platforms provide compliance for SAS 70 (Statement on Auditing Standards No. 70: Service Organizations). Consider whether PCI DSS (Payment Card Industry Data Security Standard) and FISMA (Federal Information Security Management Act of 2002) are also a concern for your organization. Retrofitting industry standards onto a project nearing completion can incur additional cost, so make sure cloud and integration platforms are aligned with key standards up front.
Once compliance requirements are identified, start planning for data movement. In cloud-to-cloud integrations, security-sensitive data should not persist on the cloud platform. While creating and using an intermediate data set might seem appealing, it adds little value and increases security risk.
When one or more applications or processes are on-premises, the data will then have to be sent into the cloud. If data moves in near real time, record by record, you won't need to persist the data. But if you have periodic batch-like processes, you will need some method to securely persist that data.
Therefore, look for an integration platform with both a lightweight "agent" for on-premises connectivity and the ability to push data into the cloud. If business needs or restrictions require a workflow to ship a "file" up to the cloud, consider both encryption and an SFTP server hosted in the company's DMZ. If your policies allow, you can also directly expose an on-premises application to the cloud with your integration agent.