Podcast: Cloud storage, data protection and compliance

In this podcast, we have a look at cloud storage and how one can retain management of it from a compliance perspective, with Mathieu Gorge, CEO of Vigitrust.

We discuss concerning the difficulties that come up because of with the ability to simply provoke cloud storage cases. The chances are prospects can fail to maintain observe of the place data is, who owns it, who has entry to it, how it’s protected and whether or not it’s compliant. That threat is heightened by present geopolitical occasions, such because the Russian invasion of Ukraine and ensuing sanctions and responses.

Gorge talks about how one can get management of your data in cloud storage through means equivalent to data classification and use of useful trade frameworks.

Antony Adshead: What threats to authorized and regulatory compliance does storing data within the cloud pose?

Mathieu Gorge: I feel the primary challenge right here is that we’ve obtained extra and extra data within the cloud and much less and much less on-premise, and that is smart from an operational and monetary perspective.

But from a contractual, authorized and compliance perspective, it brings up numerous challenges. Where is the data? Who owns the data? How is it backed up? Is it truly backed up? Is it saved in a authorized and compliant method? Is it saved in the correct place?

We know proper now with all of the geopolitical dangers that for those who had data in Russia, with western belongings being taken over by the federal government, you truly lose that data – even you probably have a backup, the Russian authorities would have a replica of it. So, we’re seeing extra corporations doing table-top workouts attempting to know the place the data is, and what they’d do in the event that they wanted to exit a rustic.

The fundamental problem is that we have to perceive what number of cloud suppliers you might have, are you able to belief them, do you might have the correct contracts with them? And do you truly know the place your data resides?

Unfortunately, most corporations battle with that. They don’t essentially perceive their ecosystem. It’s simply really easy to start out a brand new cloud system someplace else, and that’s why it’s so well-liked. But the difficulty arising out of that’s that you just don’t essentially have management of the data that’s within the cloud, you don’t know if it’s backed up the correct manner, and from a data protection and compliance perspective, that turns into a little bit of a nightmare.

Adshead: What are the implications of those threats for backup and data protection specifically?

Gorge: The implications are that you could be lose some data, chances are you’ll not have the ability to retrieve some data, or entry some data, and/or third events that aren’t authorised could possibly entry the data as an alternative of you and copy it.

So what it is best to keep in mind is that relying on the place you reside and relying on the kind of data that you just take, whether or not it’s bank card data, protected well being data or any sort of PII, you might have necessities below the legislation and varied laws to guard that data. You want to have the ability to, for instance, say that you’re in compliance with PCI, HIPAA, or GDPR.

The problem with that’s you may solely do it if the place your data is, and for those who’ve categorized the data, mapped it out and specified who has entry to it below what circumstances.

One of the great issues about cloud is that it’s fairly well-monitored by regulators and varied associations. So, for instance, you’ve obtained ENISA, the European Network and Information Security Agency, which is absolutely lively on offering cloud protection pointers; you’ve obtained the Cloud Security Alliance, which is superb with cloud safety metrics and framework to start out defending your data within the cloud. Every yr, they do an occasion at RSA referred to as the Cloud Security Summit.

Also, you might have CNMC from the US authorities, which is for anybody coping with data within the cloud for presidency. It’s framework that permits you to map out your data storage, to categorise the data and reveal that you’ve got the correct safety and compliance ranges.

On stability, there’s no scarcity of assist to handle data within the cloud and compliance. The problem is absolutely attempting to map out the data, as a result of it doesn’t matter what framework you utilize or what technical answer you utilize. You have to know the place the data is. There’s a lot data within the cloud – and data within the cloud that you just’re not conscious of – and that’s creating a niche in your safety evaluation.

The recommendation can be to map out your whole suppliers, third events and fourth events, and ensuring you verify the place your data is residing. That’s actually the important thing.

Read extra on Software-as-a-Service (SaaS)

• Podcast: 2023 compliance and storage outlook

  

  By: Antony Adshead

• Podcast: War, geo-political threat, data storage and compliance

  

  By: Antony Adshead

• Podcast: 2022 compliance preview – GDPR goes international

  

  By: Antony Adshead

• Podcast: Cybersecurity Awareness Month, Covid-19 and storage

  

  By: Antony Adshead