Industry Insight

Is compliance 'clouding' your judgment?

Cloud computing is growing, both as an external business tool and as a way to better manage IT in the enterprise. According to the Cloud Industry Forum, over 75 per cent of UK businesses will use at least one cloud service by the end of 2013 as companies jump at the chance to reduce their infrastructure, lower costs and become more agile.

This surge in cloud adoption has created a more stringent regulatory environment. Companies are becoming increasingly concerned about the security of their sensitive information in the cloud and the potential for the data to be exposed to a multitude of risks. Whether it be theft of sensitive information, surveillance in the cloud or penalties for non-compliance, numerous factors fuel concerns for the security of personally identifiable information.

Many organisations assume that working with a cloud provider either satisfies their compliance requirements or shifts security responsibility to the cloud provider. However, a wide range of regulations and privacy laws make organisations directly responsible for protecting their own information.

Data Privacy and Protection - The Letter of the Law

In the UK, the Information Commissioner's Office (ICO) has the ability to levy severe financial penalties of up to £500,000 for companies that breach the Data Protection Act. It recently published guidance that has also put the onus on the companies owning the data. It assigns responsibility for securing information in the cloud unequivocally to the company that owns the data - not the cloud provider on whose systems it resides.

At a regional level, the EU has sanctioned both the Data Protection Directive of 1995 (46/EC) and Internet Privacy Law of 2002 (58/EC), which cover the electronic processing and storage of personal information. Businesses are required to notify data owners if their personal data is being collected, secure data from potential abuses, and only share data with the subject’s consent.

And at the industry level, the PCI DSS (Payment Card Industry Data Security Standard) is a worldwide information security standard requiring all merchants to protect their customers’ account data from unauthorised access and misuse. In the case of cloud computing, PCI guidance echoes the ICO’s and assigns security responsibility to the company using the cloud.

The guidance below can enable organisations to continue their cloud adoption journey while protecting their customer data as directed by the letter and spirit of the compliance regulations.

Organisations that fail to address these security issues face stiff fines and loss of reputation if their data is exposed in a breach. To meet these tighter regulations, businesses need to deploy a cloud information protection strategy to ensure sensitive information is secure and compliant, wherever it resides.

Discover, Protect and Enable

To help protect information in the cloud, users first need to know where it is located, who has access to it, and which data compliance laws apply to it. This then ensures the correct tools are in place to protect the information according to requirements.

Encryption and Data Loss Prevention (DLP) technologies are crucial tools in the fight to defend sensitive information. Use military grade encryption to scramble sensitive information into gibberish, which protects that data from cloud breaches and surveillance. Keeping the keys that encrypt and decipher information under the control of the user organisation ensures that only the data owner, not the third-party cloud provider or an uninvited surveillance tool in the cloud, can see information in its clear text form.

Customising DLP policies to scan, detect and take action will protect information according to its level of sensitivity. Identifying malware in real-time on information exchanges in cloud applications allows for detection and prevention of viruses, malware and other embedded threats.
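The scan, detect and act flow described above can be sketched as follows. This is an added example, not code from CipherCloud or any DLP product: the policy table, the action names and the simplified National Insurance pattern are assumptions, and the sample messages are constructed.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Simplified UK National Insurance number shape (assumption for this sketch).
NINO_RE = re.compile(r"\b[A-Z]{2}\d{6}[A-D]\b")

# Hypothetical policy: sensitivity level -> action taken before data reaches the cloud app.
POLICY = {"high": "block", "medium": "encrypt", "low": "allow"}
LEVELS = ["low", "medium", "high"]

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def scan(text: str) -> list:
    """Return (data_type, sensitivity, masked_value) for each detection."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            masked = "*" * (len(digits) - 4) + digits[-4:]
            findings.append(("card_number", "high", masked))
    for m in NINO_RE.finditer(text):
        findings.append(("national_insurance_no", "medium", m.group()[:2] + "******"))
    return findings

def decide(text: str) -> tuple:
    """Apply the action for the most sensitive item found in the text."""
    findings = scan(text)
    level = max((f[1] for f in findings), key=LEVELS.index, default="low")
    return POLICY[level], findings

# Constructed sample messages (test card number, placeholder NI number, order reference).
SAMPLES = [
    "Customer paid with 4111 1111 1111 1111 today",
    "NI number QQ123456C on file",
    "Order ref 1234 5678 9012 3456 shipped",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(decide(s))
```

The third sample shows why the checksum matters: a 16-digit order reference matches the pattern but fails Luhn, so it is not treated as cardholder data.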

A new, innovative approach to encryption, called operation-preserving encryption, can enable companies to address the long-standing problem of encryption breaking cloud application functions. This advancement allows users to encrypt sensitive information while still preserving the usability, performance and functionality of the cloud application, including searching, sorting and reporting.

With new PCI and other regulatory mandates in 2013 pinning security and compliance responsibility on cloud users, a proactive cloud strategy such as this can save businesses money and reputational damage even in the event of a breach.

Posted by Paige Leidig, CipherCloud

Tags: ciphercloud, cloud, cloud computing, data loss prevention, information privacy, payment card industry data security standard, pci dss, security, software as a service
