Is the fine unfair? After all, TalkTalk was itself the victim of a malicious SQL injection attack. It is an ethical dilemma, but one the ICO resolved by taking the position that “hacking is wrong, but that is not an excuse for companies to abdicate their security obligations”. A precedent has therefore been set in the IT landscape: your business has a responsibility to keep its IT and security systems up to date against modern threats and in line with modern compliance standards.
How Safe are you in the Cloud?
Microsoft’s Azure cloud computing platform is all about providing you with a host of cloud services, but more importantly with the peace of mind that your data and systems are protected. The principles to which Microsoft holds itself and its cloud services are:
- Federating user IDs to Azure Active Directory means that only the individuals you want signing into your cloud systems will be able to get in
- Regular penetration testing (a necessary step towards reducing the likelihood of the kind of SQL injection attack that targeted TalkTalk), intrusion detection and DDoS attack prevention measures
- Everything you place in Azure is 100% owned by you. It is not used for data mining, and you have access to it at any time and from anywhere (or you can define where you want it to be accessed from)
- Microsoft conforms to the leading data protection and privacy laws applicable to cloud services. These are set out plainly so you can decide whether Azure complies with the laws and regulations applicable to the industries you are part of
- Country-specific standards are adhered to where possible, to help organisations comply with the national and industry-specific requirements that alter and govern the way you may collect and use an individual’s data
- Microsoft only provides access to customers’ data to its engineers when they are performing key maintenance tasks and upgrades. Access is granted under strict controls for the duration of the task and is revoked immediately upon completion
- At all times you will be able to find out where your data is stored and under which conditions it is accessed. You will also be notified of any changes to Microsoft’s service. Microsoft even shows you where all of its data centres are globally; check them out here
Protection against external threats and non-compliance
Without a doubt, your strategy should be two-pronged. Not only does your organisation need protection from external threats, but you also need to have performed due diligence on your systems so that they are fit to hold your customers’ data securely. Failing the second of these is what leads to fines for negligence.
Cloud technology also mitigates many of your technology risks by performing much of the maintenance as part of your hosting agreement. Security updates are made available to all systems as soon as they are released, and these releases tend to happen more frequently than they would if your organisation were managing its entire IT landscape itself.
With that said, according to the Cloud Security Alliance, 73% of companies are held back from adopting cloud technology by concerns over the security of their data. The second most persistent concern (38%) is the regulatory compliance of data held in the cloud. Many organisations may have legitimate concerns about their data in the cloud, but many of you may also have unfounded fears based on headlines similar to the ones we saw this month.
Get in contact with ClearPeople today if you would like to talk more about cloud security and regulatory compliance in the cloud; we would be more than happy to discuss the options specific to your industry.