How will the GDPR affect security in cloud computing?
Skip to Content

How will the GDPR affect security in cloud computing?

There is a lot of hype today about the prevalence of cloud computing in business. Yet when we get down into the numbers, cloud computing is far less prevalent than it might seem. Statistics from 2017 found that just 21% of EU enterprises used cloud computing in 2016, most of which was simply for hosting email systems or storing files in electronic form. Businesses are still hesitant about migrating their data to the cloud.

The rise of cloud computing has always been accompanied by questions regarding the security of data stored within it. And these concerns are likely to grow when the EU’s General Data Protection Regulation (GDPR) comes into effect in May 2018. The new regulations introduce a much greater territorial reach in terms of liable businesses and harsher fines for non-compliance. Despite the added risk, however, 54% of organisations have not started preparing for the GDPR.

With the GDPR a year away, in this post, we’ll explore the reasons organisations may remain sceptical about storing data in the cloud, and the best place for it to be stored when the new rules on data security come into force next year.

 

Is there security in cloud computing?

So, are you better served with company content kept on-premises or in the cloud when the GDPR hits? It seems most organisations believe the former is the safest route.

A 2015 study from BT found that 76% of respondents said security is their main concern when it comes to cloud-based services and 41% believed that all cloud-based services are ‘inherently insecure’.

We can see the logic behind such thinking. Storing important files and personal data on servers you don’t actually own, or can’t physically attend to can be unnerving. Understandably, not having the feeling of ‘total control’ over your data is going to put off some organisations.

But control doesn’t necessarily equate to security. The means of access to your data is more important than its physical location. As such, you need to focus on creating a clear, well-defined and well-executed security strategy and have the technology to back you up (speaking both figuratively and literally). You and your users need to:

  • Understand the security and governance requirements for your data storage systems.
  • Control access – understand how company information is accessed, and identify whether there are any potential vulnerabilities.
  • Test your systems to ensure security is always up to date and as comprehensive as possible.

So, is there a definitive answer to data being more secure if it’s stored on-premises or in the cloud? Not really. Generally speaking, on-premises systems are ageing—the older the security they utilise, the more easily it can be breached by hackers. Conversely, the public cloud isn’t dependent on older technologies, but hackers are targeting the cloud far more than on-premises environments.

Ultimately, the policies and governance measures your company has in place regarding the proper storage, accessing and sharing of personal information will determine how secure your organisation truly is—whether you’re in the cloud or on-premises.

 

Data security in Office 365

Thanks to their governance and compliance policies and inbuilt security measures, cloud-based platforms like Office 365 are a safer place for your content than many realise. Microsoft has already announced its commitment to the GDPR, explaining how security in the cloud, with the help of their enterprise products, can help you stay compliant with the GDPR. For Office 365, that includes:

Data discovery and identification

  • Data Loss Prevention (DLP) – identify over 80 types of sensitive data and take appropriate actions to ensure its protection.
  • Advanced Data Governance – set policies for managing the lifecycle of company data.
  • eDiscovery – identify content via metadata search across Office 365: SharePoint Online, OneDrive for Business, Skype for Business and Exchange Online.

Data protection

  • Advanced Threat Protection – protect email in Exchange Online against malware attacks in real time.
  • Threat Intelligence – enable alerts, policies and security solutions to uncover and protect against threats in Office 365.
  • Advanced Security Management – discover high-risk or abnormal data usage, alerting you to potential breaches.
  • Audit logs – monitor and track user and admin activities across Office 365.

For more information on preparing for the GDPR with Microsoft technologies, check out this article in the Microsoft Trust Centre.

 

Complete compliance doesn’t come easy

Such radical changes to the way organisations both inside and outside the European Union collect, process and access personal data means you should take as much precaution as possible when it comes to data management and security in the cloud. Let’s look at a couple of tools that can support you with compliance even further.

Building on security measures present in Office 365, Veritas’ 360 Data Management for GDPR can further an organisation’s ability to pinpoint GDPR maturity and locate and protect their data. An advanced eDiscovery platform is based on a powerful indexing engine, and integrated workflows enable workers to find and access documents even faster. Aggregated metadata analytics supplement this, allowing users to pinpoint risky files and act. Retention policies can also be immediately triggered to monitor breach activity and ensure compliance.

Check out this video on Veritas’ perspective on the GDPR to hear about the implications of the new regulation from the viewpoint of data protection experts.

Equivio, acquired by Microsoft in 2015, further enhance the capabilities of eDiscovery and information governance through machine learning technology. Giving you more granular search, Equivio applies advanced text analytics to analyse extremely large sets of data to create more accurate user searches and grant quicker access to the documents they need. Such accuracy has seen the tool gain wide-scale acceptance in the legal community, where employees in law firms have to deal with strict legal and compliance challenges. Having passed scrutiny under these circumstances, it could make for a valuable asset when it comes to GDPR compliance.

Advanced technology solutions like Veritas and Equivio can give you that added layer of security and some extra peace of mind. But what happens if you don’t know which areas of your business’ security need reinforcing?

A compliance assessment is your best first step in seeing what your company needs to do to ensure you’re complying with GDPR regulations when they take effect. To see how we could help, talk to us today.