Daren Glenister

How Data Privacy Reform Is Wreaking Havoc In The Cloud

Data Privacy Reform Is Wreaking Havoc

Nations around the globe are stepping up efforts to better protect the personal data of private citizens. In particular, cross-border data security regulations and legislative reform is on the rise. The laws must evolve in order to mitigate theft, abuse and misappropriation of personally identifiable information (PII), better guard national security interests, and boost local economies. These reforms are all necessary and long overdue.

But as these nations seek legislation-based ways to adequately address how the PII of consumers, customers, employees, partners, and contractors are collected, stored and disposed, we’re also seeing global business strategies and processes being tossed into a sea of uncertainty.

byod

Cloud computing is an established part of today’s international enterprise IT operational landscape, and adoption will continue rising over the next decade. More organizations of all sizes are turning to SaaS and cloud-based collection, storage and collaboration models to streamline efficiencies and share data easily on multiple devices across international locations. This migration to the cloud has been years, even decades, in the making.

Direct Conflict: Cloud vs. Data Privacy Laws

As we shift to mobile and cloud-centric computing platforms in the workplace, we’re also making it more difficult to ensure the proper control of information and awareness of data flows in and outside of the enterprise network. The very nature of the cloud itself – fluid, centrally located, and available anytime from anywhere – is exactly what is creating new challenges for businesses that must comply with data privacy regulatory changes.

Pulse Check: Ovum Research

To develop a sharper picture of where organizations currently stand on their awareness and preparedness level for coming regulatory changes, Ovum Research surveyed more than 300 international IT decision makers. The results of this global research reveal a disturbing worldwide trend: a majority of enterprise leaders are confused about how new data privacy regulations apply to them, and are unprepared for the consequences of failure to comply.

Location, Location

From a legislative viewpoint, the matter of “where data resides” is critical as these new data privacy rules roll out. The Ovum research underscores that when it comes to the physical location of data, there is uncertainty and confusion.

Until now, a key benefit of the cloud was that businesses no longer needed to concern themselves with the physical location of their data. It was stored off-site, for all to share, as needed. Now, with the European Union (EU), Israel and the United States beefing up regulations with the goal of stopping the flood of data leaks and stolen information, businesses must shift their approach to the cloud in a fundamental way. Suddenly, the location controlling the physical path of data matters.

data-policy

The ability to control access to data and achieve regulatory compliance will heavily depend on the data’s location, a key factor in determining what legislation the data is affected by, and the level of access that should be available. Exerting control over data location is a challenge for many organizations, because most systems do not support the concept of data location being a business-related decision, and especially not cloud-based systems. Making matters worse, the exact definition of “data location” for regulatory compliance purposes varies from region to region. Organizations trying to achieve compliance will need options that offer control over data’s physical, logical, legal, and political location.

We are already seeing legal arguments being made in courts around the world that hinge on the fundamental concept of where data is located and controlled, and who has jurisdiction over that data (an example is the Microsoft case regarding data stored in Dublin, Ireland that is being requested by a US judge).

The Ovum research found that 50 percent of respondents’ organizations planned to change the primary approach to this control challenge during the next three years. This may suggest that organizations are waiting for a standard to emerge, and builds a strong case for an approach to cloud collaboration that provides various technical options, such as the ability to offer controls for physical and logical location.

No Control Over Cloud-based Services

It’s important to note that these data privacy regulations apply to cloud vendors, but they also extend to the individual companies using them. For example, the pending General Data Protection Regulation (GDPR) in the EU specifically targets any business that collects, stores, processes, and shares personal data on employees, customers, or partners. Failure to keep that information within the specific geographic location of the European Economic Area (EEA), whether intentionally or by accident (such as a data breach) will result in significant fines for that company.

Yet, the Ovum research tells us that many organizations are not leveraging available technologies to better protect sensitive data, either in the cloud or on-premise. Only 44 percent of survey respondents said they use technology to monitor user activities and provide alerts to data policy violations, and only 53 percent classify information to align with access controls. Almost half (47%) admitted that they have “no policies or controls” that govern access to consumer cloud storage and file-sharing system like Dropbox. This opens them up to enormous risk.

The Cloud: Here To Stay, But in Need of Better Control

While regulatory changes are wreaking havoc, that doesn’t mean that cloud services will fall out of favor. Just a few years ago, conversations revolved around whether the cloud should be trusted at all. Today, businesses do trust the cloud to protect the most sensitive assets, demonstrating a shift in sentiment toward its positive role in business today. The Ovum survey found that 58 percent of respondents trust the cloud for all business operations, despite the potential impact of pending data privacy regulations, all of which intend to change how data is stored, transferred, and processed around the world.

machinery-business

(Image Source: Shutterstock)

So, even with the changing regulatory climate, cloud computing is a decision that’s already been made. And yet, regulating cloud-held data is poised to become the biggest challenge facing legal practitioners, politicians, and businesses as they try to balance privacy with access and productivity. The cloud can still work in this new world of data privacy reform, in reality cloud services may be a more appropriate solution to the data sovereignty challenges as cloud vendors are already having to address the sovereignty issues and architect their solutions to address an ever changing landscape.

Enterprises are likely to lean more heavily on cloud vendors to be a part of the bigger solution rather than try to unravel the ever changing requirements single handedly. However, it will need greater control and visibility in each region where companies operate.

By Daren Glenister

 

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

View Website

CONTRIBUTORS

Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
What is shadow IT?

How to Make the Move to the Cloud Securely

Move to the Cloud Securely The 2016 Enterprise Cloud Computing Survey from IDG offers multiple interesting insights concerning the state ...
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
Cloud Services Are Vulnerable Without End-To-End Encryption

Cloud Services Are Vulnerable Without End-To-End Encryption

End-To-End Encryption The growth of cloud services has been one of the most disruptive phenomena of the Internet era.  However, ...
Countdown to GDPR: Preparing for Global Data Privacy Reform

Countdown to GDPR: Preparing for Global Data Privacy Reform

Preparing for Global Data Privacy Reform Multinational businesses who aren’t up to speed on the regulatory requirements of the European ...
10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud More companies are turning to the cloud for storage. In fact, over 60 percent ...
How Big Data Can Empower Native Ads

How Big Data Can Empower Native Ads

Empower Native Ads The realm of big data is expanding an astonishing rate, and its presence can be felt across ...
What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...

NEWS

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

DOWNERS GROVE, Ill., Dec. 8, 2017 /PRNewswire-USNewswire/ -- New hiring in computer and electronics manufacturing and technology services and custom ...
email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...