How Data Privacy Reform Is Wreaking Havoc

Data Fallout.png
Disaster Plan.png
The Manuscript.png
Disaster Recovery Plan.png
Hair Loss.png

Data Privacy Reform Is Wreaking Havoc

Nations around the globe are stepping up efforts to better protect the personal data of private citizens. In particular, cross-border data security regulations and legislative reform is on the rise. The laws must evolve in order to mitigate theft, abuse and misappropriation of personally identifiable information (PII), better guard national security interests, and boost local economies. These reforms are all necessary and long overdue.

But as these nations seek legislation-based ways to adequately address how the PII of consumers, customers, employees, partners, and contractors are collected, stored and disposed, we’re also seeing global business strategies and processes being tossed into a sea of uncertainty.

Cloud computing is an established part of today’s international enterprise IT operational landscape, and adoption will continue rising over the next decade. More organizations of all sizes are turning to SaaS and cloud-based collection, storage and collaboration models to streamline efficiencies and share data easily on Multiple Devices across international locations. This migration to the cloud has been years, even decades, in the making.

Direct Conflict: Cloud vs. Data Privacy Laws

As we shift to mobile and cloud-centric computing platforms in the Workplace, we’re also making it more difficult to ensure the proper control of information and awareness of data flows in and outside of the enterprise network. The very nature of the cloud itself – fluid, centrally located, and available anytime from anywhere – is exactly what is creating new challenges for businesses that must comply with data privacy regulatory changes.

Pulse Check: Ovum Research

To develop a sharper picture of where organizations currently stand on their awareness and preparedness level for coming regulatory changes, Ovum Research surveyed more than 300 international IT decision makers. The results of this global research reveal a disturbing worldwide trend: a majority of enterprise leaders are confused about how new data privacy regulations apply to them, and are unprepared for the consequences of failure to comply.

Location, Location

From a legislative viewpoint, the matter of “where data resides” is critical as these new data privacy rules roll out. The Ovum research underscores that when it comes to the physical location of data, there is uncertainty and confusion.

Until now, a key benefit of the cloud was that businesses no longer needed to concern themselves with the physical location of their data. It was stored off-site, for all to share, as needed. Now, with the European Union (EU), Israel and the United States beefing up regulations with the goal of stopping the flood of Data leaks and stolen information, businesses must shift their approach to the cloud in a fundamental way. Suddenly, the location controlling the physical path of data matters.

The ability to control access to data and achieve regulatory compliance will heavily depend on the data’s location, a key factor in determining what legislation the data is affected by, and the level of access that should be available. Exerting control over data location is a challenge for many organizations, because most systems do not support the concept of data location being a business-related decision, and especially not cloud-based systems. Making matters worse, the exact definition of “data location” for regulatory compliance purposes varies from region to region. Organizations trying to achieve compliance will need options that offer control over data’s physical, logical, legal, and political location.

We are already seeing legal arguments being made in courts around the world that hinge on the fundamental concept of where data is located and controlled, and who has jurisdiction over that data (an example is the Microsoft case regarding data stored in Dublin, Ireland that is being requested by a US judge).

The Ovum research found that 50 percent of respondents’ organizations planned to change the primary approach to this control challenge during the next three years. This may suggest that organizations are waiting for a standard to emerge, and builds a strong case for an approach to cloud collaboration that provides various technical options, such as the ability to offer controls for physical and logical location.

No Control Over Cloud-based Services

It’s important to note that these data privacy regulations apply to cloud vendors, but they also extend to the individual companies using them. For example, the pending General Data Protection Regulation (GDPR) in the EU specifically targets any business that collects, stores, processes, and shares personal data on employees, customers, or partners. Failure to keep that information within the specific geographic location of the European Economic Area (EEA), whether intentionally or by accident (such as a data breach) will result in significant fines for that company.

Yet, the Ovum research tells us that many organizations are not leveraging available technologies to better protect sensitive data, either in the cloud or on-premise. Only 44 percent of survey respondents said they use technology to monitor user activities and provide alerts to data policy violations, and only 53 percent classify information to align with access controls. Almost half (47%) admitted that they have “no policies or controls” that govern access to consumer cloud storage and file-sharing system like Dropbox. This opens them up to enormous risk.

The Cloud: Here To Stay, But in Need of Better Control

While regulatory changes are wreaking havoc, that doesn’t mean that cloud services will fall out of favor. Just a few years ago, conversations revolved around whether the cloud should be trusted at all. Today, businesses do trust the cloud to protect the most sensitive assets, demonstrating a shift in sentiment toward its positive role in business today. The Ovum survey found that 58 percent of respondents trust the cloud for all business operations, despite the potential impact of pending data privacy regulations, all of which intend to change how data is stored, transferred, and processed around the world.

 

So, even with the changing regulatory climate, cloud computing is a decision that’s already been made. And yet, regulating cloud-held data is poised to become the biggest challenge facing legal practitioners, politicians, and businesses as they try to balance privacy with access and productivity. The cloud can still work in this new world of data privacy reform, in reality cloud services may be a more appropriate solution to the data sovereignty challenges as cloud vendors are already having to address the sovereignty issues and architect their solutions to address an ever changing landscape.

Enterprises are likely to lean more heavily on cloud vendors to be a part of the bigger solution rather than try to unravel the ever changing requirements single handedly. However, it will need greater control and visibility in each region where companies operate.

By Daren Glenister

Alex Tkatch

Dare to Innovate: 3 Best Practices for Designing and Executing a New Product Launch

Best Practices for Designing and Executing a Product Launch Nothing in entrepreneurial life is more exciting, frustrating, time-consuming and uncertain than launching a new product. Creating something new and different can be exhilarating, assuming everything ...
Threat Security

Azure Red Hat OpenShift: What You Should Know

Azure Red Hat OpenShift: What You Should Know What Is Azure Red Hat OpenShift? Red Hat OpenShift provides a Kubernetes platform for enterprises. Azure Red Hat OpenShift permits you to deploy fully-managed OpenShift clusters in ...
David Loo

The Long-term Costs of Data Debt: How Inaccurate, Incomplete, and Outdated Information Can Harm Your Business

The Long-term Costs of Data Debt It’s no secret that many of today’s enterprises are experiencing an extreme state of data overload. With the rapid adoption of new technologies to accommodate pandemic-induced shifts like remote ...
Gary Bernstein

Most Dangerous Botnets That are Still in the Game

Most Dangerous Botnets While it’s no secret that the technical sophistication of cyber-attacks grows exponentially, adversaries often need widespread networks to make it happen. One of the ways to do that is to infect legitimate ...
James Corbishly

Addressing Teams Sprawl in the Remote Workspace

Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...

CLOUD MONITORING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Datadog

    DataDog

    DataDog is a startup based out of New York which secured $31 Million in series C funding. They are quickly making a name for themselves and have a truly impressive client list with the likes of Adobe, Salesforce, HP, Facebook and many others.

  • Opsview

    Opsview

    Opsview is a global privately held IT Systems Management software company whose core product, Opsview Enterprise was released in 2009. The company has offices in the UK and USA, boasting some 35,000 corporate clients. Their prominent clients include Cisco, MIT, Allianz, NewVoiceMedia, Active Network, and University of Surrey.

  • Sematext Logo

    Sematext

    Sematext bridges the gap between performance monitoring, real user monitoring, transaction tracing, and logs. Sematext all-in-one monitoring platform gives businesses full-stack visibility by exposing logs, metrics, and traces through a single Cloud or On-Premise solution. Sematext helps smart DevOps teams move faster.

  • Nagios

    Nagios

    Nagios is one of the leading vendors of IT monitoring and management tools offering cloud monitoring capabilities for AWS, EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). Their products include infrastructure, server, and network monitoring solutions like Nagios XI, Nagios Log Server, and Nagios Network Analyzer.