More than eight in ten companies are now using some form of Cloud computing solution. This is proof that the benefits of the Cloud are becoming more widely accepted amongst enterprises. Moreover, positive steps are being made toward further boosting Cloud services in the EU. In September, Neelie Kroes, Europe's Commissioner for the Digital Agenda, released the paper, "Unleashing the Potential of Cloud Computing in Europe." This outlines a number of recommendations designed to drive European businesses and the public sector into the Cloud. The goal is to create 2.5 million new European jobs and boost GDP in the Single Market to EUR 160 billion by 2020.
Data security in the Cloud
However, whilst European organisations are being won over by the benefits, confusion still surrounds the issue of data security and privacy in the Cloud. Data is having an increasingly hard time crossing boundaries for this reason. Countries are demanding that data is housed inside their borders, which requires more local datacentres and causes problems for international businesses. The EU in particular is enforcing data protection laws and regulations to this end, casting more confusion for businesses wanting to adopt the Cloud, but worried about breaching changing data regulations. The Information Commissioner’s Office (ICO) recently made a start at equipping organisations to tackle some of the issues around data security in the Cloud and ensure they are complying with the Data Protection Act 1998 (DPA), with a guide to Cloud computing.
Compliance and regulation is a key factor when it comes to data privacy in the era of Cloud computing. The most important responsibility for security professionals is to be aware of the regulations they need to adhere to. As always, knowledge is power. All organisations must ensure that the person responsible for the safety of their data is armed with the right know-how to enforce regulation and compliance within the business. With people from every corner of an organisation accessing the Cloud everyone needs to be educated about what they can and can’t do.
Prevention is better than cure
In many cases, one of the biggest threats to an organisation’s data is the people it employs. Recent research revealed that for nearly half (48%) of senior IT professionals in the UK, sensitive personal data contained in their company’s databases and applications has been compromised or stolen by a malicious insider. 60% also agreed that the inevitability of a data breach in the Cloud is such that it is likely to have happened already or will happen in the future.
Preventative measures can be taken, including the likes of data encryption and data masking solutions. In order to know the right route to take organisations need to fully understand the impact of a breach to their business, along with the likelihood of it happening, so that the right measures can be taken.
When managing large amounts of information the cheapest option is often to take data in a datacentre and put it in the Cloud – the return on investment is instantaneous. However, the worry for companies is that they have lost control over data security. However, it is worth bearing in mind that the service providers managing these datacentres will be experts in data security; more so than those within a business who may count data security as part of their wider responsibilities. This is where the need for robust service level agreements (SLAs) comes in. As organisations educate themselves to better understand and articulate their data security needs, Cloud providers will in turn be able to provide a tailored service, backed up with an SLA that puts concerns at rest.
As technology continues to advance, so too do the threats that exist for both company and customer data. Criminals continue to get smarter, so this is no time to sit back. The organisations most likely to avoid the data security pitfalls, in and out of the Cloud, will be those that think ahead to the next challenge and avoid becoming an easy target.