- Security TWENTY
- Women in Security
With more and more enterprises adopting the cloud, businesses are reaping the benefits which include increased employee productivity and reduced operational costs. Regardless of size, organisations are implementing a number of cloud applications, which allow employees access to sensitive data from branch offices. With this widespread cloud technologies, a number of businesses have raised concerns about their data security, writes Joe Bombagi, Director of SteelFusion, EMEA and APJ at the IT product company Riverbed Technology.
A recent Unisys survey found 42 per cent of respondents stated security as the most challenging aspect of cloud management. With employees accessing and sharing sensitive data from worldwide locations and though a myriad of devices, organisations are now facing the challenge of protecting valuable intellectual property, customer data, and ultimately their reputation and bottom line.
Different countries have put in place their own set of compliance requirements. For example, the European Union’s General Data Protection Regulation (GDPR) will have a effect on all organisations that manage data within the EU, whether they’re based in Europe or not. Furthermore, organisations are facing similar data compliance legislation in the US, Russia, and the Middle East for instance. For companies with branch offices around the world, this is going to be quite troublesome, as they will have to ensure compliance with the regulations governing in each of the regions in which they operate. Non-compliance can result in steep fines and harsh consequences. Organisations will have to adopt entirely new protocols in terms of the way they source and handle their data. Here are a few actions organisations can implement to ensure they comply with regulations, regardless of location.
1. Employ a Data Protection Officer
A Data Protection Officer (DPO) is an expert in data-privacy law. They are responsible for conducting data privacy assessments and ensuring appropriate policies are in place throughout the organisation. Companies based in or operating within the EU will need to do one of two things: Name a DPO, and equip them with all the necessary tools, or provide a personal data map that explains why their business should qualify for an exemption. Whilst not all countries stipulate the need for a DPO, having a dedicated person responsible for the efficient management of data can help companies to ensure compliance with all information-related laws and regulations.
2. Map the flow of data
Businesses with global teams will be required to re-evaluate their security protocols and adapt to new regional laws. This will involve finding the right balance between protecting customer information and making sure users of that data can continue to operate in a similar way. This could prove to be challenging if businesses collected employee and customer information with only a vague sense of how the data might eventually be stored and used. Businesses need to fully understand where their data is stored and where it travels to. They may need to create maps describing the flow of personal data within their network. This is paramount as many companies collect user data and process it in the cloud, in a different region to where it originated from.
3. Regularly evaluate risk
There are a myriad of tools aimed at providing comprehensive network security, including vulnerability scanners, intrusion detection and prevention, and firewalls, to name but a few. Every organisation will have its own approach when it comes to their corporate network’s security. Regardless of which tool(s) they choose to use, it is important to recognise that no one tool is fool proof. A firewall will help keep people out, but does nothing to help once someone breached your network. Alternatively, an intrusion device will help identify when someone intrudes, but is helpless when it comes to securing your perimeter. Hence why it is so important for companies to regularly perform and record risk assessments. Using new tech, IT teams can easily monitor the network, report violations, address access concerns, and remediate any issues than arise. They can then use this information to ensure they know what is happening within their network, ensure no one is doing things they shouldn’t, and in the event of an intrusion, determine what’s happened and identify the necessary mitigation factors.
4. Develop strong privacy protections
Businesses should aim to have privacy protections built in throughout all of their operations. This involves evaluating what is happening in the cloud, as well as an understanding of how their different applications interact with one another. Through establishing holistic, real-time, end-to-end visibility into cloud and on-premise application performance across their corporate network, IT can determine how applications are performing. Equipped with this information, IT can then identify the cause of the performance issues, and address them immediately, and proactively improve performance. Improved visibility into application performance will ensure compliance with data security regulations and result in increased productivity and revenue for the organisation, as well as improved customer service, quality of productivity and employee engagement. With more organisations looking to move to the cloud for their day-to-day operations, visibility across public, private and hybrid clouds will become critical. With networks becoming increasingly complex, and highly distributed application architectures requires a radical new approach to how IT evaluates their network and its applications’ performance.
As today’s businesses go global in the cloud, having increased visibility, optimisation and control for networks and applications is a necessity. Provided the organisations and their decision makers make the time to fully understand new regulations, and seek to adopt the tools needed to capitalise on the cloud, there should be nothing standing in their way.