Why data governance is key for safe cloud computing

A recent report on Managed Datacenters and Cloud Services in Saudi Arabia, issued by Communications and Information Technology Commission, indicated that cloud computing services ranked third among the three services that witnessed the most tremendous growth between 2011 and 2014.
Spending on cloud services totaled SR189 million with a growth rate of 373 percent.
The study also showed that cloud computing services are expected to grow rapidly over the next five years, surpassing SR476 million in 2019.
The study showed that many organizations are realizing that procuring cloud services can give them access to better technology than they could implement or purchase on their own.
We can, therefore, feel that user confidence in cloud computing services is increasingly growing day after day.
However, full-scale cloud services adoption in public and private sector organizations is hindered by many concerns and challenges.
A major challenge is trust — in protecting the security and privacy of the company’s data when using services that require data storage, partially or fully, on the cloud.
Therefore, we must find ways to boost confidence in these services and check user requirements in cloud use, which are based on maximizing benefits, harnessing best technologies and at the same time, minimizing the potential risks.
One of the effective ways to reduce risks of adopting cloud computing services, is to find better approaches to manage and classify data within organizations.
This includes formalizing the definition of the organization’s data and producing and using this data by creating and implementing standards for managing it as an asset of the organization.
Under these criteria, data is classified according to its sensitivity level and impact toward the work of the organization.
For example, the British government has recently classified Government data into three levels: official data, secret data and top secret data.
Upon finding practical ways to classify organization’s data, each data sensitivity level is linked with certain security standards, which become more stringent for data with higher sensitivity and greater impact on the work of the organization.
By data classification, we can make more informed decisions on determining the cloud computing services that suit less sensitive data.
In turn, this creates less risks in case data was breached, which is unlikely to happen due to the huge investments done by cloud providers to build up confidence in these services.
In considering the data sensitivity levels of the British Government, official data can be completely managed by cloud services complying with the ISO270001 and ISO27018 security and data privacy protection standards.
As for the next data level, “secret data”, organizations can choose to use built-in (hybrid) cloud computing, which means organizations’ private systems services combined with the public cloud computing services using the same compliance standards.
However, storing Top Secret Data at the organization’s site is recommended, not because the cloud lacks security standards, but in order to manage risk in an orderly manner in line with the organization’s data governance and classification objectives.
The key to transforming future of cloud computing services is boosting user confidence that their data and its privacy are well protected.
This responsibility shall be on the two parties involved.
Thus, investment by the cloud services providers must be accompanied with investments from the organizations that use these services, in order to find modern data governance methods and manage and classify data.
This will enable these organizations to harness cloud computing services by reducing spending on hardware, devices, software and human resources on one hand and maximize the flexibility of organizations, their ability to adapt with market changes, beat competition and provide excellent services that are highly scalable and profitable on the other hand.
— Dr. Mamdouh Najjar is deputy general manager and national technology officer at Microsoft Arabia, Riyadh.