Cloud Security, Cloud Security

EDM Council — supported by AWS, Google, IBM, and Microsoft — releases new guidelines for securing the cloud

The Google Cloud logo is seen on a notebook at the Google Germany offices on Aug. 31, 2021, in Berlin, Germany. (Photo by Sean Gallup/Getty Images)

Amazon Web Services, Google Cloud, IBM, and Microsoft joined forces on Tuesday with the Enterprise Data Management (EDM) Council to publish a framework for managing data in the cloud.

The new cloud data management capabilities (CDMC) framework was developed over the last 18 months with participation from more than 100 leading companies. Along with buy-in from the four leading cloud service providers, the CDMC Working Group was chaired by Morgan Stanley and the London Stock Exchange Group, with project management from Capco, a consultancy with a focus on financial services.

CDMC consists of six components, 14 capabilities, and 37 sub-capabilities that promise to let companies across all industries more effectively manage their cloud environments. The six components cover the following areas: data governance and accountability, cataloguing and classification, data accessibility and usage, data protection and privacy, data lifecycle, and technical architecture.

“A critical next hurdle for the global financial services industry is the adoption of a standard set of best practices regarding the management of data in multi-cloud environments, particularly controls to protect data privacy and to comply with regulations,” said Rajiv Chodhari, vice president, financial services data and AI CTO at IBM. “The EDM Council has taken an important first step in aligning the financial services industry and its partners on these issues."

Industry analysts saw this announcement as a positive step by the cloud providers and potentially good news for enterprises struggling with multi-cloud environments.

“At issue is a problem that customers have brought upon themselves,” said Frank Dickson, program vice president for security and trust at IDC, who added that in trying to prevent vendor lock-in, customers have trumpeted the battle cry of multi-cloud and not fully anticipated the impact that the resulting complexity creates. 

“Complexity clearly makes environments more difficult to manage and easier to leave data improperly protected,” Dickson explained. “IDC has demonstrated a correlation between complexity and breaches. By creating standards, the cloud vendors are looking to address the complexity issue associated with data management and make it easier for customers to manage their multi-cloud infrastructure.”

John Yun, vice president of marketing at Confluera, added that it’s great to see companies in the cloud and cybersecurity industry collaborate to create this new framework. Yun said this effort exemplifies the much-needed focus on securing data and services in the cloud as organizations accelerate their cloud adoption.

“With organizations embarking on multi-cloud deployments, they are often confused on what best practices to follow across different cloud infrastructures and security practices,” Yun said. “Such collaboration has been a long time coming, but a step in the right direction. Organizations can take this opportunity to reassess their current process and solutions to better sync with the latest guidelines.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.