The Data Motility Dilemma
There’s no question that cloud computing has major benefits for enterprises of all sizes. Storing data on virtual servers ensures flexibility in access, plenty of storage and offers environmental and cost benefits. Like many things, though, with those benefits come drawbacks like security of your sensitive data, especially in light of data motility.
Coined by Dave Asprey, the term data motility should not be confused with data mobility. By its very nature, data stored in the cloud is mobile, capable of being accessed by anyone with the proper credentials at any time. Data motility, on the other hand, is the notion that while your data might be immediately accessible at any time, it’s not being accessed from the same place every time. Some experts have compared motility to your data actually growing legs and walking to another location—still within the cloud—completely on its own.
Why Does Data Motility Occur?
When you engage the services of a cloud provider, your data is stored in virtual servers alongside the data of dozens, if not more, other customers. As a result, your data is constantly being moved to make room for new data. In addition, because the cloud is so large, and there is potential for hundreds, if not thousands, of people accessing the data in the cloud at any given moment, vendors often replicate the data among several servers in a variety of locations. So while one day you might access your data from a server in Finland, the next day it could be in an identical server in Sweden or any other country where the company operates.
Why Data Motility is A Threat to Security
Clearly, with your company’s important data stored in locations worldwide, the potential for a security breach is high. When your data is stored alongside data from other organizations, you may not even realize someone has accessed your data without authorization until it is too late. Restricting access with passwords is not enough. You need to enact strong security protocols to protect your data from falling into the wrong hands.
How You Can Protect Against Data Motility Threats
Passwords are only the beginning of a security strategy when it comes to using the cloud. Perhaps the most important step to take when creating your virtual servers is to establish encryption. When data is effectively encrypted, it’s impossible to read without the keys. The effective management of these keys is especially important, and why Trend Micro and other providers offer policy-based key management services. Developing an effective encryption strategy not only protects your data from prying eyes—whether they encounter it on purpose or by accident—it also helps your organization comply with privacy and personal information laws in the locality where the data is stored.
The fact that data is stored in multiple countries when you use the cloud can present some headaches when it comes to security and data usage. For example, Canada and several European Union nations have strict laws when it comes to the use of personal information outside of their borders. Using effective encryption helps you stay within those laws. It’s not enough just to encrypt your data, though—you must know where it is being stored. Because laws differ so greatly from country to country, understanding where your data is stored can help you overcome security issues presented by data motility.
Another issue data motility presents is the amount of data you actually place in the cloud. In order to keep your data secure, you need to implement a policy of removing older versions and duplicates, preventing excess data from residing in the cloud. When data is not in the cloud, it can’t move to another location—meaning it’s fairly safe from possible security breaches.
Data motility presents a very real threat to the security of virtual servers, but by taking the proper precautions, enterprises can avoid some of the risks inherent in the technology. Carefully consider the cloud provider, confirming that the provider offers adequate encryption and key management, malware and intrusion prevention and detection and log inspection as well as breach investigation capabilities. By putting these protections in place, data motility becomes one of the more minor threats to your data security.