Symantec – Cloud Requires Security Diligence

FOSTER CITY, Calif. — Offloading IT infrastructure to a cloud-computing provider can result in great cost savings and more streamlined, flexible operations. Need more compute power or storage? Cloud systems like Amazon’s (NASDAQ: AMZN) readily scale so there’s no need to go through a time-consuming purchasing process or scrambling to find more room for an expanded datacenter.

But the cloud is not a panacea, and the need to adhere to information management best practices remains, Symantec (NASDAQ: SYMC), executive Deepak Mohan told in a briefing here.

Mohan should know.

In his position as senior vice president of Symantec’s Information Management Group, he oversees a range of products and services including archiving and backup to information management and regularly meets with enterprise customers.
The company also works
with leading cloud providers like Amazon
to ensure their services
are compatible.

He jokes that the cloud is very “cloudy” when it comes to enterprise adoption as companies are still experimenting with the best way to leverage it and feel confident their data is secure. Mohan said he’s frequently seeing a hybrid approach where companies rely on a cloud provider for storage or certain applications, but also maintain on-premise backup for security and recovery and to make sure they can adhere to compliance requirements.

“Inside the cloud, customers need the same level of security and data protection,” said Mohan. While managed service providers offer service level agreements (SLA) and security assurance, Mohan said companies can and should take extra steps to ensure there information is safe.

“There are many security endpoints with cloud services and that’s where authentication becomes very important. It’s a big area of investment for us,” said Mohan, noting Symantec’s recent $1.28 billion purchase of VeriSign’s (VRSN) authentication services unit.

“Amazon is going to encrypt and store your files, but the backup data stream may be unencrypted. So things like security in transit are services we provide that support the hybrid, cloud and on-premise use cases.”

Mohan also said it’s important for companies, particularly those in highly-regulated industries like finance and health, to be sure their information on the cloud is organized both for retention and compliance.

“The cost of legal e-discovery can exceed government fines. It’s very expensive to do on a reactive basis and lawyers love it because they charge by the hour and the page,” said Mohan. “What you want to do is instrument your information on the way in, not after the fact.”

Symantec is one of many providers that have services to index and protect data. Mohan said Symantec’s Enterprise Vault archiving platform follows the EDRM (Electronic Discovery Reference Model) and offers different export formats for outside council that are admissible in court.

“Some companies are ahead of the curve and moving proactively to make sure their information is being managed effectively,” said Mohan. “Another class of companies really gets serious after their first litigation request.”

David Needle is the West Coast bureau chief at, the news service of, the network for technology professionals.