The Sticking Points Of Security And Privacy

The Sticking Points Of Security And Privacy

The Sticking Points Of Security And Privacy

No matter how many times a privileged straight white male technology executive pronounces the death of privacy, Privacy Is Not Dead. People of all ages care deeply about privacy and they care just as much about privacy online as they do offline” (Danah Boyd)

cybersecurity_infographic

Security and Privacy are the two sticking points when it comes to moving business systems into the cloud. Out of the two, security is obviously the most important. After all, you can securely store data in a way that doesn’t ensure privacy, but you can’t maintain privacy if your supporting systems aren’t secured. Thankfully, there are a number of straightforward internationally agreed upon standards and best practices that companies can use to ensure that their servers are secured either in-house or in the cloud. Privacy however is a much newer field, and although everyone seems to have their own opinion about what constitutes adequate privacy protection, the law may have a different opinion than you and doing business in the cloud you may be dealing with conflicting privacy regulations that span multiple countries and industries.

As we’ve seen with recent controversies such as the NSA scandal, this is still a relatively new area of concern and the courts are struggling to catch up with new developments. Although we can’t offer any legal advice, we would like to present some good general tips that companies should consider when evaluating the privacy of their data in the cloud.

1. Limit the Data you Collect – It’s common sense that protecting a small amount of personally identifiable data should be easier than protecting a very large quantity, and you should also ensure that any personally identifiable information that you collect should be obtained in an open, transparent and lawful manner. As privacy regulations continue to change and evolve you should expect to see a growing trend where notification and consent will be required from consumers. And as consumers become more knowledgable about their rights you can expect to see an increase in the number of disclosure requests or lawsuits made by consumers. By minimizing the amount of the data you keep on file, you minimize both the risk and the cost associated with administrating the sensitive information.

2. Limit the Use of personally identifiable information. – This includes letting them know why you need this information and what will be done with this information once it’s been collected and once you’ve collected this information don’t share it with anyone or use it for purposes other than those agreed upon by you and the client.

3. Keep the Data Secure – Make sure that you have tight controls in place to prevent privacy breaches or data leaks. Once personally identifiable information goes into your possession, you have a responsibility to protect it against unauthorized use, theft, improper disclosure or deletion. Talk to your IT department and make sure that you have all of the proper mechanisms in place to protect yourself against hackers, viruses, data storage theft and other technology attacks. Even if this data is stolen and misused by a 3rd party without your permission, the victims and the courts will still hold your company responsible

4. Set Policies for Retention – Regarding the limit of use, many people will mistakenly assume that an alternative method will simply be to collect data, use it and then destroy it when they’re done. Although this approach is good in theory, many regulations stipulate that business documents and collected customer information must be retained on file for several years. If you store data for too long you increase your exposure, but if you deleted too soon, you can fall out of compliance and face stiff penalties. Judges are also very aware of the fact that digital data can be easily altered without leaving a trace. So your company should have controls in place to ensure the integrity of the data and demonstrate to a judge that it hasn’t been tampered with.

5. Set policies for destruction – When you delete a file and empty the Recycle Bin you only erase the label and address which points to the data, the actual data blocks that make up the file are still on your hardrive and can be retrieved using special software. In order to completely destroy a file you must 1st delete it and then write over those data block with random bits. Let’s suppose that you are hosting a virtual server with a cloud provider. If that the cloud provider moves your virtual server to another physical device, the actual moving leaves out residual data blocks at the original location. If this section will be assigned to another client, they could potentially discover your data. How can you been absolutely sure that this data has really been destroyed?

So how do you make sure that you are protected in the cloud?

Cloud Providers are frequently audited by governments, stakeholders or larger customers in order to ensure that the proper security procedures are being strictly followed. For small businesses with limited IT resources the cloud is a good option because these service providers have much stricter security measures in place. But you shouldn’t rely on this alone. There are also mechanical precautions you can take in order to make sure your cloud data is destroyed. By encrypting your data blocks using strong encryption standards, such as 256 bit AES, you can store your data on a cloud provider servers without exposing it.

By Roland Conner

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Cloud Computing – The Good and the Bad

Cloud Computing – The Good and the Bad

The Cloud Movement Like it or not, cloud computing permeates many aspects of our lives, and it’s going to be a big part of our future in both business and personal spheres. The current and future possibilities of global access to files and data, remote working opportunities, improved storage structures, and greater solution distribution have…

The FTC, Data Privacy and Facebook

The FTC, Data Privacy and Facebook

Data Protection Facebook is in deep water over their recent decision to start harvesting phone numbers from one of the apps they own, called WhatsApp. WhatsApp is a mobile phone app that allows people to place long distance phone calls and send SMS messages for free. A complaint was filed with the Federal Trade Commission…

Three Tips To Simplify Governance, Risk And Compliance

Three Tips To Simplify Governance, Risk And Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

The Annual Compliance & Ethics Institute:  Hot Topics – Cyber Security, Big Data, Privacy Breach Response

The Annual Compliance & Ethics Institute: Hot Topics – Cyber Security, Big Data, Privacy Breach Response

Cyber Security, Big Data, Privacy Breach Response MINNEAPOLIS, Aug. 30, 2016 /PRNewswire-USNewswire/ — Cyber security, social media, modern slavery, anti-corruption, export controls and sanctions, and privacy top the list of “Hot Issues” compliance and ethics professionals face each day. These and many other compliance and ethics concerns will be addressed at the 2016 Compliance & Ethics…

Top 5 Digital Health Trends

Top 5 Digital Health Trends

Digital Health Trends It is very important to keep up with the changing technology. However, it is also just as important to advance the consumer experience, care delivery methods and create opportunities for career development for the healthcare workforce. Five trends that are proven to be effective in winning in the digital age have been…

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners  Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards.…

5 Things To Consider About Your Next Enterprise File Sharing Solution

5 Things To Consider About Your Next Enterprise File Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

5% Of Companies Have Embraced The Digital Innovation Fostered By Cloud Computing

Embracing The Cloud We love the stories of big complacent industry leaders having their positions sledge hammered by nimble cloud-based competitors. Saleforce.com chews up Oracle’s CRM business. Airbnb has a bigger market cap than Marriott. Amazon crushes Walmart (and pretty much every other retailer). We say: “How could they have not seen this coming?” But, more…

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud With the results of Cisco Global Could Index: 2013-2018 and Hosting and Cloud Study 2014, predictions for the future of cloud computing are notable. Forbes reported that spending on infrastructure-related services has increased as public cloud computing uptake spreads, and reflected on Gartner’s Public Cloud Services Forecast. The public cloud service…

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

How Data Science And Machine Learning Is Enabling Cloud Threat Protection

Data Science and Machine Learning Security breaches have been consistently rising in the past few years. Just In 2015, companies detected 38 percent more security breaches than in the previous year, according to PwC’s Global State of Information Security Survey 2016. Those breaches are a major expense — an average of $3.79 million per company,…

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Why Cloud Compliance Doesn’t Need To Be So Overly Complicated

Cloud Compliance  Regulatory compliance is an issue that has not only weighed heavily on the minds of executives, security and audit teams, but also today, even end users. Public cloud adds more complexity when varying degrees of infrastructure (depending on the cloud model) and data fall out of the hands of the company and into…

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps To The Cloud Is A Business Decision

Moving Your Enterprise Apps Whether it be enterprise apps or any other, if there is any heavy data that is going to be transacted in and through an app, then affiliating it with the Cloud becomes a must. And then an important question arises: How do you decide when to integrate your enterprise app with…

Cloud Computing Myths That SMBs Should Know

Cloud Computing Myths That SMBs Should Know

Cloud Computing and SMBs Cloud Computing is the hottest issue among IT intellects of Small and Medium Businesses (SMBs). Like any other computer-orientated technology, Cloud Computing has some misconceptions and myths that often kick-start arguments among the two opposing groups: Cloud Supporters and Cloud Opponents. Both of these groups have their own ideology and reasons…

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud One of the least considered benefits of cloud computing in the average small or mid-sized business manager’s mind is the aspect of disaster recovery. Part of the reason for this is that so few small and mid-size businesses have ever contemplated the impact of a major disaster on their IT…