November 2016 | Thought Leadership, White Papers
Cyber Security Architect, Interactive
There’s no denying that cloud technology is continually changing the way we conduct business. Research indicates that private cloud infrastructure is growing at 10.3% to $13.8 billion (IDC).
While it offers agility and scalability for SMEs and large organisations, cloud based solutions have also created issues surrounding data security and privacy. Given the global shift to data storage in the cloud, the implications of data protection and its challenges ahead, is something that businesses should be aware of.
The 3 Types of Data to Protect
Cloud technology has enabled businesses to outline a true global strategy in the delivery of data resources i.e. using data centres within a geographical distance to your core users is one way of improving the user experience of your service or product. But what are the implications? This depends on the type of data you’re looking at. When it comes to data protection, you’ll need to consider the vulnerability of data in store, data on the move and data in processing.
Data in Store
According to the Australian Cyber Security Centre 2016 Threat Report, the Australian private sector is ‘persistently targeted by a broad range of malicious cyber activity’.
Attacks can come in many forms and are ever evolving, and keeping infrastructure up-to-date with the latest security can be challenging and costly. Understanding how your data is protected when it’s in rest will help you minimise vulnerability to attacks.
Another factor to consider is data sovereignty. As laws around data privacy will continue to change by country, global organisations will need to ensure they are compliant when it comes to collecting, storing, and processing data. If your business has data stored outside of your country of operation, the data is subject to the laws of the country in which your business operates. To ensure your business is compliant, review Australian Privacy Principles’ (APPs) guidelines .
Data on the Move
Data migration can pose a risk of corruption or modification when in transit i.e when copying data from one location to another. If your data is hosted in a managed cloud environment, the security of your data becomes the responsibility of your managed service provider. However, there are some key challenges that still lie ahead for businesses wanting to protect their data, even those who are outsourcing their data storage to the experts. One example is ‘shadow IT’ and the BYOD (Bring your own device) movement, where your staff are now not only bringing in their own mobile, but everything else too. With an intractable number of combinations of hardware and software, it is proving to be challenging for IT teams to manage security.
Data in Processing
Data in processing is another risk businesses may need to consider. As transactions between businesses and consumers increase, businesses will need to strengthen the reliability of infrastructure and the health of its systems to ensure data isn’t jeopardised when being processed i.e. end of month billing, one off payments, ongoing commerce…etc.
Data protection is a complex practice
When it comes to data protection, availability, integrity and confidentiality are the key security pillars to keep in mind. Encryption is a common tactic in data protection but what matters more is the environment the data is stored in. Before you put encryption and other security measures into practice, ensure your business has a clean IT environment free from malware and viruses.
No matter how you store your data, whether it’s through in-house services or a third-party option, there is always going to be a risk that your sensitive data will be stolen. Here are tips to ensure your data is protected in the cloud:
Tips to protect your data in the cloud
- Keep security software up to date
- Use hard-to-guess passwords
- Scan external drive for viruses and malware before accessing
- Beware of malicious mail - don’t open the attachments from unknown source
- Use a modern encryption algorithm
- Employ a robust key management policy for your encryption keys, and ensure your provider does the same
- Prepare for disaster
- Education is key
- Enable a remote wipe facility if devices are lost
1 Cloud Spending Will Top $37 Billion In 2016, IDC Reports, Information Week, http://www.informationweek.com/cloud/infrastructure-as-a-service/cloud-spending-will-top-$37-billion-in-2016-idc-reports/d/d-id/1326193
2 Australian Cyber Security Center 2016 Threat Report, https://www.acsc.gov.au/publications/ACSC_Threat_Report_2016.pdf
3 Office of the Australian Information Commissioner,