It was revealed at the RSA Conference 2018 that 97 percent of IT professionals worldwide are using some type of cloud service. It was further revealed that more than 80% of organizations store sensitive data on the public cloud. Customer information, information about IPs, network pass cards, personal staff data and more: all of it is available on the cloud. Organizations trust their cloud service providers and are unlikely to decrease their cloud investment in the years to come. Malware and other security concerns continue to mar the adoption of cloud, but if a cloud service provider follows some of the industry’s best practices, it is unlikely to face a dire situation as far as cloud security is concerned.
Cloud service providers that follow DevOps and DevSecOps practices can help reduce data breaches and improve code quality. Automation is also known to reduce exploits and vulnerabilities. A single platform for managing multiple cloud services can help reduce the complexity of managing security.
It appears that encryption and authentication alone are not enough to control data breaches. These are just basic security practices that are inadequate to protect workloads. As we are already aware, the EU has taken a huge step to enforce data protection. The General Data Protection Regulation (GDPR) is the EU’s move in that direction. On 25th May 2018, GDPR will become effective and will give individuals the right to protect their data.
GDPR is expected to adversely affect public cloud service providers and teams dealing with enterprise compliance in that region. Every business must meet a threshold requirement to be GDPR compliant. If anyone breaches GDPR requirements, the fine is quite high (in Euros of course). Many companies provide services across the globe, and they must meet the requirements of GDPR as well. For example, AWS and Google, major public cloud service providers, are taking some serious action to meet the GDPR requirements. But unfortunately, the use of a compliant cloud service alone will not suffice.
The basic requirement of GDPR is that organizations that initiate personal data collection or operate cloud environments should be able to provide proof that data is protected at all stages, that is, while it is in transit, processed or stored.
GDPR is a commitment, and meeting its requirements needs all departments to be involved. As far as your cloud hosting service provider is concerned, you must have a contract with them that clearly defines all the security standards and requirements. If you wish to discuss more about GDPR or its impact, we are waiting to hear from you.