Originally published on Business2Community blog
In days gone by, companies maintained their data in-house, on their own systems. They assumed that their internal IT infrastructure, along with backups that were often stored off-site, would be sufficient.
So, if there was a “crash,” data would never be lost. These types of data security backup solutions were often expensive and complicated, and most lacked encryption.
What Types of Data Need to Be Protected and Secured?
Depending on the business sector, there is a wide variety of data that should be protected and secured:
- Personal and financial information of customers
- Personal information of their employees. This includes health information, according to HIPAA rules and regulations.
- Health care providers must secure all patient information, again according to HIPPA regulations.
- Protect proprietary information from breaches by competitors.
- Contracts and financial/accounting data must often be kept confidential
What is Cloud Security?
The basic concept behind cloud services and security is that a hosting entity has a certain amount of secure storage space, and organizations can backup their data or house all of their critical and confidential data in that space through a contractual arrangement with that host, eliminating on-site, less secure storage.
The host, in turn, is responsible for securing data in the cloud, based upon the details of that arrangement. In this respect, cloud computing is a more secure method of data storage and protection, at least in principle.
Government Legislation and Regulation Further Complicate Security in Cloud Storage
Given the data breaches in recent years, governments have stepped in to set regulations for security and protection that impact cloud infrastructure and cloud applications.
The EU has adopted the General Data Protection Regulation (GDPR) providing a common set of rules for protecting personal data across the continent. Among some of its major provisions, the following are included:
- Businesses must have privacy policies and the technology in place to protect personal and financial data of individuals with whom they do business
- There are fines imposed for failure to comply with the regulations
- There are provisions for compliance reviews
- Companies must report data breaches within 72 hours of the event and then must notify all impacted individuals and develop plans to assist them should their information be compromised.
- There are also regulations relating to the international transfers of personal data outside of the EU
Best Practices/Strategies for Business to Protect Data in the Cloud
There are some key strategies that businesses can implement to ensure greater data security, as follows;
· Carefully compare the differences between public cloud, private cloud, and hybrid cloud storage.
· Check out reputations. Before you choose any cloud service, make sure that you have researched their track record.
· Two-step authentication is important. Most major cloud services offer this, and it does provide an additional layer of security.
· Always use third-party encryption for transport.
· Make challenge questions unique and uncommon.
· Pick the right tools.
· Control devices. The increase in “bring-your-own-device” trend creates a real threat to data breaches.
Continue reading this post on Business2Community blog and you’ll have more details on this topic.
