Alasdair Anderson , VP of EMEA at Protegrity , discusses responsible cloud migration and addressing data security challenges .

ince the world went digital the value

However , while data is widely regarded as an organisation ’ s main asset , data accountability is rarely owned , which can lead to errors that incur fines , loss in consumer trust and impact brand reputation . To ensure best practice , organisations should apply caution when considering their next step in Digital Transformation , such as when migrating data to the cloud .

Who are you giving the keys to ?

Utilising cloud software promises real-time data sharing and increased innovation through analytics , which can be beneficial to business growth . For fastpaced business environments and busy cybersecurity teams , it is attractive to opt for a third-party cloud vendor as it appears to be a simple solution , and robust cybersecurity measures can be assumed .

On the surface it is simple , however , further investigation provides concerning insights . Firstly , when a customer uploads data to the cloud , they surrender control of their data . Publishing data to the cloud gives the third-party permission to copy or move data without consent – sometimes to locations even the cloud isn ’ t aware of .

Cloud platforms are nebulous , leading to organisations often having their data spread across multiple levels , making it difficult to monitor and the risk of data loss a real threat . Further , when data is placed in the hands of another vendor , it possesses the passwords and encryption keys needed to secure the data . This means that data can potentially be accessed in its pure state by anyone , including partners . Publishing data to the cloud without considering data privacy is akin to giving a stranger the keys to your shop and trusting them to lock up .

The main issue here is data accountability . Resultsdriven organisations , perhaps too separated from their sensitive data , are looking for quick ways to optimise their data and share the responsibility . Unfortunately , in an eventual cloud breach , as cloud security offerings are often found to be lacking , cloud providers will find a loophole to pass the responsibility back to its user .

As such , the first step in achieving responsible cloud migration is for an organisation to recognise ownership and responsibility to the valuable data it possesses . Ultimately , the success in migrating to the cloud relies on data accountability and ensuring all members of the team understand the privacy policies surrounding it . Establishing a culture of organisational security and recognising the worth of one ’ s assets will make it less likely for the keys to be handed to a stranger without a background check .

Cloudy rules for data compliancy

Cloud providers don ’ t provide physical infrastructure for audits , nor are consumers permitted to verify vendor security , making background checks difficult . It instead relies on an honour system , which is in contrast to the standard practice in vendor data security of ‘ trust but verify ’.

Alasdair Anderson , VP of EMEA at Protegrity

WWW . INTELLIGENTCISO . COM 71