Data, whether it’s the emails of a presidential candidate or your customers’ financial information, can be a risky thing to hold on to. Not just because there are entities that wish to exploit it, but also because of the liability for allowing such confidential information to be compromised. If you are hacked, your IT systems are sure to be placed under the closest scrutiny in the aftermath of the incident.
This month TalkTalk, one of the UK’s largest telecoms companies, was fined £400,000 for security failings that allowed its customers’ data to be stolen following a cyber-attack. The damning indictment came as the ICO (Information Commissioner’s Office) claimed the information of nearly 160,000 customers was stolen “with ease”.

Is the fine unfair? After all, TalkTalk was the victim of the malicious SQL injection too. An ethical dilemma, sure, but easily justified by the ICO, which took the position that “hacking is wrong, but that is not an excuse for companies to abdicate their security obligations”. A precedent is therefore set in the IT landscape: your business has a responsibility to keep its IT and security systems up to date with modern threats and modern compliance standards.

 

How Safe are you in the Cloud?

Distrust of the cloud isn’t new, and misconceptions about holding data externally are going to be stronger than ever in light of the recent hack. A popular belief is that having ‘control’ of your servers is equivalent to having good ‘security’; the other misunderstanding is that hosting in the cloud means you relinquish all ‘control’. Both assumptions couldn’t be further from the truth.

Microsoft’s Azure cloud computing platform is all about providing you with a host of cloud services, but more importantly the peace of mind that your data and systems are protected. The principles to which Microsoft holds itself and its cloud services are:

 

Security: Keeping your Data Safe
  • Federating user IDs to Azure Active Directory means only the individuals you want signing into your cloud systems will be able to get in
  • Regular penetration testing (a necessary step in reducing the likelihood of the SQL injection attacks that targeted TalkTalk), intrusion detection and DDoS attack prevention measures
Privacy: Own and Control your own Data
  • Everything you place in Azure is 100% owned by you. It is not used for data mining, and you have access to it at any time and from anywhere (or you can define where you want it accessed)
Compliance: To Global Standards
  • Microsoft conforms to leading data protection and privacy laws applicable to cloud services. These are shown plainly so you can decide whether Azure complies with the laws and regulations applicable to the industries you are part of
  • Country-specific standards are adhered to when possible, to help organisations comply with national and industry-specific requirements which alter and govern the way you may collect and use an individual’s data
Transparency: Know how your Data is Stored and Accessed
  • Microsoft only provides access to customers’ data for its engineers performing key maintenance tasks and upgrades. Access is granted under strict controls to perform the tasks and is immediately revoked upon completion
  • At all points in time you will be able to find out where your data is stored, and under which conditions it’s accessed. You will also be notified if there are any changes to Microsoft’s service. Microsoft even shows you where all its data centres are globally

Protection against external threats and non-compliance

Without a doubt your strategy should be two-pronged. Not only does your organisation need protection from external threats, but you also need to have performed due diligence on your systems so they are fit to securely hold your customers’ data. Failing to do this is what leads to fines for negligence.
Secondly, cloud technology mitigates a lot of your technology risks by performing much of the maintenance as part of your hosting agreement. Immediate updates to security are made available to all systems as soon as they’re released, and these releases tend to happen more frequently than they would if your organisation were managing your entire IT landscape.

With that said, according to the Cloud Security Alliance, 73% of companies are held back from adopting cloud technology due to concerns over the security of their data. The second most persistent concern (38%) is about regulatory compliance of their data being held in the cloud. Many organisations may have rightful concerns over their data in the cloud, but many of you may also have unfounded fears based on headlines similar to the ones we saw this month.

Get in contact with ClearPeople today if you’d like to talk more about cloud security and regulatory compliance in the Cloud, and we’d be more than happy to discuss the options specific to your industry.
 

 

 
 

Author bio

Faizan Shaikh
User Engagement Analyst
Faizan is a User Engagement Analyst
