More businesses are taking to the cloud to store their data and applications. While cost savings and efficiency make the cloud an appealing option, the associated security requirements are often overlooked.
Protecting your data is both a legal and a commercial requirement, so how can you be sure that your cloud services provider meets the level of data protection required. For starters, they should be adhering to the following standards:
Regulation, legislation and accreditation
Data protection goes way beyond physical security, and there is a raft of industry regulation and government legislation in place covering the topic. The three most important of these are the Payment Card Industry Data Security Standard (PCI DSS), the UK Data Protection Act (DPA) and the ISO/IEC 27001.
PCI DSS
Adopted globally, PCI DSS is an information security standard for organisations which process, store or transmit cardholder data. The standard was created to increase controls around cardholder data and its principles require participants to assess for vulnerabilities, remediate vulnerabilities and report compliance.
DPA
All UK companies and organisations are bound by the DPA, which is bound to the EU Data Protection Directive. In a nutshell, The DPA stipulates that appropriate security measures must be in place to prevent the personal data a business holds from being compromised in any way.
ISO 27001
ISO 27001 is an Information Security Management System (ISMS) standard, intended to ensure that adequate and proportionate security controls are being taken to protect information assets. ISO 27001 mandates specific requirements, and organisations that have adopted ISO 27001 can therefore be formally audited and certified in compliance with the standard.
In order to comply with the regulations and guidelines listed above, providers must protect the data they hold from a number of risks:
Unauthorised access to premises
Physical loss of data-storage devices
Cybercrime - both targeted and random
Poor internal IT security.
Physical loss of data-storage devices
Cybercrime - both targeted and random
Poor internal IT security.
Many believe that the safest way to protect data, is to keep it in-house. Others believe outsourcing is more secure. To some, the cloud may appear to be more vulnerable, as the data is in someone else's hands. However, data centres built to modern security standards will almost certainly be more secure than in-house environments.
The reality is that many businesses use elements of cloud already, often without even acknowledging it: websites, for example are likely to be hosted by a third party, as are many common office applications, such as HR or accounting programs.
The increasing dependence on the cloud means that businesses considering outsourcing should be asking themselves, not so much should they do it, but when, how and who with. More important is the question, "can I be sure my data is secure?"
With so many potential risks, it's essential that businesses are asking their cloud service providers the right questions about the people, processes and technology that will be responsible for protecting their data, and ultimately, their business.
0 التعليقات:
إرسال تعليق