December is Cloud Privacy Month
The cloud offers new and intriguing ways to collaborate in real-time. Businesses of all types are relying more and more on the cloud for storing, processing, and managing data. Educating yourself and your staff on the opportunities and risks associated with this technology is of the utmost importance. When it comes to making your decision on whether or not to implement cloud computing, there are many factors to consider. In this article, we’ll look at the pros and cons of real-time cloud solutions that help you make your decision.
Benefits of real-time cloud
The benefit of the cloud is that it offers significant computing capability and scalability that might not otherwise be affordable particularly for small and medium-sized organizations without a significant IT infrastructure investment. And the security, maintenance, and data availability are all on the cloud service provider. The security benefits of cloud-based systems include:
- Firewalls. These protect the perimeter of your network security and your end-users. They also safeguard traffic between different apps stored in the cloud.
- Threat intelligence. This is smart technology that spots security threats and ranks them in order of importance.
- Data masking. This encrypts identifiable information, such as names. It helps to maintain integrity by keeping certain information private, making breaches less impactful if they are likely to occur.
- Access controls. These protect data by allowing you to set access lists for different assets. Many retailers only allow specific employees to access certain files. This means that only certain people will be able to access certain information, and you can keep a better track of any breaches to prevent confidential data from being leaked.
- Disaster recovery. In the case of lost or stolen information, this is key. It helps to recover the information.
Risks in real-time cloud
While there are many benefits to using the cloud, it may also create new attack surfaces for cybercriminals to access, particularly for data breaches. Additionally, many organizations want to use legacy equipment that isn’t sufficiently secured, which can make the cloud even more vulnerable. Avoiding this growing security threat is going to continue to be a major focus for IT teams and doing so requires software and security that can handle cloud technology efficiently and effectively.
From a privacy perspective, it is sometimes difficult to negotiate with the CSPs, particularly if they are a large and popular provider. Oftentimes they cannot provide a report stating what their privacy management program is and the state of compliance. Privacy engineering is also something that many cloud solutions are not able to present any evidence of. An organization engaging with a cloud solution provider needs to understand how they will support them with any access requests (retrieving the personal information in a short period of time), deletion and correction requests, and how they will inform the organization in case of a breach, and plan they have to handle the intrusion.
The role of independent cloud audits
Most cloud services have integrated security systems to protect sensitive information and transactions, preventing the third party from eavesdropping or tampering with data being transmitted. In addition, to entice customers, many CSPs review their security programs using a third-party independent auditor and the most reputable CSPs have a better security posture than their customers. Some Cloud providers will have an ISO27018 certification for privacy assurance, however, those are few and far between. It is important for organizations to have their own due diligence checklists and obtain assurance of appropriate application of privacy controls within the CSPs.
Organizations need to understand their own security and privacy compliance requirements and match them with those offered by the CSP, to ensure their security and privacy postures are not compromised through the use of a wrong tool, configured in a non-secure and privacy-invasive way.
At MPC we have the expertise and the professionals to support the assessment of your choice of cloud providers, through an Integrated Privacy and Security Risk Assessment and offering Canada’s first free online collaborative Privacy Impact Assessment tool, which you can use to measure the data risk in various parts of your organization. Visit managedprivacy.ca to take privacy-as-a-service for a spin.