CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

intralinks-ceo-ron-hovsepian

Living In A Post-Safe Harbor World: What Your Company Needs To Know

Living In A Post-Safe Harbor World

With the striking down of the Safe Harbor agreement in October, we have seen the tip of a data privacy iceberg whose global implications will play out well into the new year. In 2016, U.S. businesses can expect a regulatory domino effect that will occur region by region, as more governments will take steps to protect citizen data, preserve national security interests, and build legal fences to protect local businesses. These evolving rules will be determined within various governments, with different privacy concerns driving each set of regulations. It’s likely to produce more chaos before consistency.

As we close out 2015, representatives from the EU Commission and the U.S. have been working on the terms of a new data-transfer framework that will meet the EU court’s requirements. For U.S. businesses, January 31, 2016 will be when things really get interesting. That’s the deadline for the European Commission to agree on new Safe Harbor rules with the U.S. Right now, EU officials are still seeking greater clarity regarding the extent to which U.S. national security services can access European citizens’ data. If no agreement can be hammered out by this deadline, companies are will have to find an alternative to Safe Harbor or face non-compliance fines.

What does this mean for cloud providers and their customers? Consider that Europe’s General Data Protection Regulation (GDPR), legislation that is supposed to be finalized by the end of the year, will govern both data controllers (typically, companies that gather and control how data is used) and data processors (for example, cloud storage providers), no matter where they are based. The GDPR will also restrict and control how EU citizens’ personal data is shared outside the European Economic Area.

From a U.S. business perspective, the GDPR is fraught with compliance risks. The latest draft of the GDPR call for fines of up to two percent of annual revenue for companies that violate the rules, raising the distinct possibility of billion dollar penalties enforced to make examples out of organizations that continue to be careless with private data. To put this into perspective, a company like Monsanto could face fines up to $300 million, and the penalty for a company like GE could be around $2.8 billion.

Cloud structure sea change

What will all of this mean for how U.S. firms do business in the future? In 2016, we will see organizations change their approach to data transport and access. For starters, they will need to localize data policies to comply with the nations and regions where they do business, as well as where their data flows. What this means is that each geographic region will have a set of guidelines specific to handling data, as well as separate guidelines for communicating externally. This is already happening in the EU, with Germany setting more stringent data privacy rules than the rest of Europe.

data-policy

Further, organizations will also no longer be able to rely on centralized datacenters, and instead will need to rely on multiple datacenters, each subject to the specific region’s regulatory oversight. Businesses will also have to ensure that all of its cloud vendors meet the data guidelines set within each region in which it does business. We are already seeing a shift towards this model, with large providers such as Microsoft opening dedicated data centers in locations like Germany, the UK and Australia.

Making room for compliance in the C-suite

One way to handle these regulatory changes is for more private companies to add a new member to their C-suites: the Chief Privacy Officer. The CPO had historically been a role associated with government agencies, but that is changing rapidly. Any organization that collects, processes, or uses personal information across borders will need to implement information security plans to ensure that the personal data in its control is adequately protected. That’s the role of the CPO, and in 2016, it will be in high demand.

Organizations who are proactive and come up with an action plan that aligns with the new regulations will be ahead of the game. This means having end-to-end control over who accesses their data, wherever it travels. Too many companies have been standing on the sidelines, passively waiting for their vendors or the government to solve this. As we race towards the January 31, 2016 deadline, it’s becoming clear that action is needed. Some companies are moving ahead to devise a global solution without depending on the promised Safe Harbor 2.0. Others are taking interim measures such as legal boilerplate language to protect them. The high visibility of some, such as social media or cloud computing vendors, puts them at a higher risk for possible EU regulatory focus. The bottom line, however, is that the EU court decision is forcing all organizations that were part of the Safe Harbor framework to make risk-based—not just legal—decisions.

By Ron Hovsepian

Ron Hovsepian

Ron is president, chief executive and director of Intralinks, a publicly-traded provider of beyond-the-firewall collaboration technology solutions for the enterprise. Previously, Ron served as president and chief executive officer of Novell, from 2005 to 2011. He has held management and executive positions at IBM Corporation over a 17-year period, including worldwide general manager of IBM's distribution industries, manager of global hardware and software development, sales, marketing and services. Ron currently serves as a member of the board of directors of ANSYS, Inc. Follow Ron on Twitter: @RonHovsepian.

The Lighter Side Of The Cloud - Data Locking
The Lighter Side Of The Cloud - Application Forecaster
The Lighter Side Of The Cloud - Keys To The Car
The Lighter Side Of The Cloud - Mother Always Said
The Lighter Side Of The Cloud - Doomed
David

Future Data Storage Needs Increasing At A Rate Of Nearly 25X By The Year 2021

The Future of Data Storage Data is everywhere. In the security industry, there are close to 300 million surveillance cameras ...
How Artificial Intelligence Is Revolutionizing Business

How Artificial Intelligence Is Revolutionizing Business

Artificial Intelligence Revolution 84% of respondents say AI will enable them to obtain or sustain a competitive advantage. 83% believe ...
Artificial Intelligence And The Future of Accounting

Artificial Intelligence And The Future of Accounting

The Future of AI Accounting Artificial intelligence has become an extremely hot topic over the last couple years. While many ...
The Cloud Has Your Data (Whether You Like It Or Not)

The Cloud Has Your Data (Whether You Like It Or Not)

Cloud Cleanup Anyone? Following on where we left off from my last two articles now we shift focus to what ...
Infosec thought leaders

Cryptocurrencies and Ransomware: How VDI Can Help Defend Against the Next Ransomware Attack

Cryptocurrencies and Ransomware The WannaCry ransomware made headlines back in May when it crippled hospitals across the UK and put ...
The Economics, Concepts and Fundamentals of Cloud Computing

The Economics, Concepts and Fundamentals of Cloud Computing

Fundamentals of Cloud Computing Addressing security concerns of the Public Cloud Enthusiasm for cloud computing has as much to do ...
Protect Against Network Failures

Five Things Organizations Can Do To Protect Against Network Failures

Protect Against Network Failures It is no surprise that whenever there is an outage in a public or private cloud, ...
[Free White Paper] Global Mid-Year Threat Landscape Report > Dive into the three major threats of mid-2018

[Free White Paper] Global Mid-Year Threat Landscape Report > Dive into the three major threats of mid-2018

[Free WhiThe use of unknown or unpatched software vulnerabilities in advanced attacks is key to threat actors, as it allows them to infiltrate organizations or distribute malware en masse to vulnerable systems. Download the free white paper now to learn ...
Business Analytics Vs Data Science

Business Analytics Vs Data Science

Big Data Continues To Grow Big Data continues to be a much discussed topic of interest and for good reason.  According to a recent report from International Data Corporation (IDC), "worldwide revenues for big data and business analytics will grow ...
Automate Service Management

[Free eBook] 150 Ways to Automate Service Management Throughout Your Organization…

Think about an IT Service Catalog as a supermarket of available services. Everyone in your company requests and delivers services from each other. From Human Resources and Marketing to Facilities and Procurement, each department is a service provider to the ...
12 Promising Business Intelligence (BI) Services For Your Company

12 Promising Business Intelligence (BI) Services For Your Company

Business Intelligence (BI) Services Business Intelligence (BI) services have recently seen an explosion of innovation and choices for business owners and entrepreneurs. So many choices, in fact, that many companies aren’t sure which business intelligence company to use. To help ...
HTML5 Speed Test

HTML5 Speed Test

HTML5 SPEED TEST SERVICES There is no made-for-all solution when it comes to optimizing a website for speed, and while putting a cloud platform in place is a good start, every cloud startup should ensure that they have an optimization ...
The Developer’s Guide to Azure

The Developer’s Guide to Azure

Develop on a cloud platform designed for you. In this update of the Developer’s Guide to Azure, see how the comprehensive set of Azure app platform services fits your needs. Use it to navigate the architectural approaches and most common ...