
Why business should not be complacent about data security in the cloud

by david.nunes
Issue: Global 2012
Article no.: 10
Topic: Why business should not be complacent about data security in the cloud
Author: Angus MacSween
Title: CEO
Organisation: iomart Group
PDF size: 264KB

About author

Angus MacSween is CEO of UK cloud computing and managed hosting services company iomart Group plc.

Article abstract

When businesses place their data in the cloud they do not automatically hand over sole responsibility for the security of that data to their hosting provider. While data centres must earn trust by ensuring they have the right security measures in place, the responsibility to protect data is a joint one. To prevent the possibility of cyber breakdown, businesses need to see their hosting company as a trusted partner and not simply as a provider.

Full Article

Businesses are undoubtedly too complacent about data security in the cloud; but it is a complicated issue for many businesses in the UK and around the world. It’s important to understand what data security is; why businesses that are storing their data off site need to be aware of their own responsibilities; and how the industry and Government are facing up to the challenge of cyber security in this digital age.

The Thesaurus definition for ‘information security’ is ‘protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.’ If we substitute the word ‘information’ with the word ‘data’, it therefore follows that we have to work out how best to protect and store our data safely and securely.

The need for protection becomes obvious when you read some of the predictions. According to industry analyst Gartner, by the end of 2016 more than 50 per cent of Global 1000 companies will have stored customer-sensitive data in the public cloud. At the same time Gartner predicts that through 2016 the financial impact of cybercrime will grow ten per cent per year, as hackers discover how to take advantage.

The point Gartner is making is that IT delivery methods are changing as quickly as they are architected and with the exponential growth of mobile Internet-connected devices being used for work purposes, those who are motivated to hack into the systems being used to store data from those devices are becoming much more innovative at exploiting them.

So, as more and more businesses move their data into the cloud, i.e. out of their own IT environments and into someone else’s data centre, the challenge is to make sure that any threats that data faces are met both by those businesses themselves and the companies with which they choose to host that data.

Security policies

As a data centre owner and cloud operator, I am constantly challenging my own team about our security, compliance and service level agreements. I expect every single one of our customers to be doing the same.

Businesses should always be asking themselves, ‘Do my cloud provider’s security policies and procedures meet and exceed those of my own organisation?’ and ‘How rigorous are our own security policies?’ Protecting confidential information is a legal requirement for most businesses and losing it can incur significant financial penalties. The 2011 annual study by the Ponemon Institute ‘UK Cost of a Data Breach,’ found that the average cost per capita of a data breach had risen to £79 per record, up from £71 in 2010 and 68 per cent higher than in 2007 when it was £47.

We have all experienced the explosion in electronic and digital information and the challenge is to make sure that the data we collect and store is not merely adequately protected but encased in reinforced protocols. The lines are becoming increasingly blurred about where the responsibility for data security lies and therefore the possibility of failure is ever present.

The fact that the data centre you use for your hosting carries out penetration testing to check that its systems can repel cyberattacks and has the ISO accreditation for Information Security Management Systems does not negate the fact that as a business you must ensure that the security practices within your own organisation match up. In a way it comes down to the fact that all of us are human beings and as we know human beings are fallible. Through something as simple as your passwords, breaches can occur. Employee negligence is now responsible for 36 per cent of all data breaches in the UK.

Europe and the UK are waking up to the increasing threats to cyber security. The European Commission has announced plans to set up a dedicated centre to fight cybercrime. The UK Government has created an Office for Cyber Security and has set aside £750m to strengthen legislation and help train law enforcement agencies and the judiciary. But how do you legislate for plain stupidity or lazy business practice?

Even the UK Government’s Special Representative to Business on Cyber Security, former security minister Baroness Pauline Neville-Jones, has admitted that making cyber security a business critical issue is difficult. She believes that private companies should have a statement on their cyber security strategy in their financial reports. But is this really going to achieve anything?

Big data

We are now firmly in the era of big data – data is streaming into even the smallest businesses from a wide range of sources. Individuals are using social media for everything from buying their groceries, to rioting in London or fomenting political action in the Middle East. Videos, apps, games, emails, documents – we download, send and store them all. And all the time we forget, or are afraid, to periodically review and delete them. You would be amazed at how many businesses, for instance, archive their spam.

Soon the desktop computer will be gone and smartphones and tablets will be our main work and home tools. We’re at a point now where businesses are allowing employees to use their own mobile devices for work and yet we seem to have missed the opportunity to institute rules in advance of this development. Sensible housekeeping is a must.

Businesses need a change of focus so that security strategies are at the heart of their operational strategies, protecting their intellectual property as well as their internal and customer data.

Data is empowering but with power comes risk. Businesses must co-ordinate their data security provision by building solid two-way relationships with their data centre providers. Businesses that view their hosting company as a trusted partner and not simply a provider are much more likely to put the right security solutions in place. Simply handing over your data to an ethereal cloud is not enough.

 
