16.06.2017

Why GDPR compliance should never be assumed in cloud services

As the number of cloud services available to businesses has grown, more and more companies are choosing to store their data with them. However, a huge number of companies are failing to carry out the right checks to ensure that their data is secured in compliance with GDPR, and this could mean that not only they, but also their customers, are at risk of having their data compromised.

The new General Data Protection Regulation (GDPR), introduced last year, gives businesses under twelve months before changes are made to the way that their data must be stored. Because more companies are using cloud services than ever before, they must check that their providers are compliant with the regulations – and a failure to do this will result in them being fined heavily.

There is a worrying statistic in this respect: only 54% of businesses think that their company is doing everything it needs to in order to make sure that any data stored in a cloud service is stored securely and in accordance with guidelines. This would suggest that there is a huge amount of data that is not stored in the correct way, and as a result many people are at risk of a data breach – despite the fact that most won’t even be aware that their information is at risk in the first place.

Many businesses believe that once their data is stored in the cloud, they have done everything that they need to do to make sure that it is secure, but this is not the case. Just because something is out of sight doesn’t mean that it is safe, and even though your own network might be as secure as possible, this doesn’t mean that the same is true of the cloud provider that you have chosen.

One of the main issues at hand is a lack of communication between the business and the cloud provider, and a lack of discussion about the actual importance of security once information is in the cloud. It isn’t necessarily difficult to make sure that compliance is achieved; however, the correct questions need to be asked of the right people.

First, a company needs to make sure that the cloud provider it has chosen is actually right for its needs. There are lots of different providers with different storage and security provisions, and no single option is going to suit every company – so a huge amount of research into the various provisions needs to be done before a final decision is made.

When a decision has been made about the provider, questions then need to be asked about the security that is in place once data has been uploaded to the cloud. The main thing is to understand exactly who is able to access your information, and how you are able to control this. You should have, at the very minimum, two-factor authentication, key management and encryption as part of your service – or it simply isn’t secure enough for the sensitive information that you will need to upload. Recent research has shown that 4% of breaches were “secure”, which means that once data was taken, it could not be used because it had been secured correctly. It is important that this figure rises, to ensure that data is kept as safe as possible at all times.

Less than a year from now, if a breach occurs within a company, it will legally have to tell the individuals who have been affected. This means that such breaches can no longer be ignored, as they may be currently, and that appropriate action will have to be taken to prevent them from happening. If companies do not work within these guidelines, they will be fined heavily, and it is currently suggested that the fine will be around 4% of their yearly turnover – which could amount to a really severe fine if something should happen.

Although many businesses are currently refusing to face up to what needs to be done in relation to these issues, it is something that they will no longer be able to ignore, because almost everything that they do in their business will be affected by GDPR. Although it might seem as though there is a long time for companies to prepare for this, preparation takes time, and this means that vital preparations must actually start now. This gives companies the best possible chance of being able to prepare effectively, and to ensure that they can avoid being fined as a result of any kind of data breach in the future.

Posted by: CloudScope Recruitment