Cloud computing compliance across borders

Cloud computing compliance across borders

posted in Product ● 9 Feb 2016

Cloud computing compliance regulations. Hard to completely define in every circumstance? Probably. Important to understand and comply with? Absolutely. Many may utter a collective sigh at the mention of compliancy laws regarding data use and protection. Exasperated by the vast amount of ambiguous regulations and statutes attached to online computing, many in the IT security arena may be tempted to liken the whole procedure to a game where the rules are continually changing and the participant can never truly win. Yet despite the seemingly fluid nature of many compliancy laws, the fact the protection of personal information is a human rights issue cannot be ignored and any measures put in place to ensure the safety of personal information should never be taken lightly. It is critical for cloud computing service providers and users of cloud based applications to best protect their most valuable asset: the critical data on which their livelihood often depends. Here are some of the key aspects to take into consideration.

Know Where Your Data Is stored

Many countries regulate the transfer and storage of data to within specific territories and localities. The EU Data Protection Directive (DPD) for example, limits the storage of certain data types to countries within the European Union, and prohibits the transfer of that data across borders to other territories. This is to ensure the safety of both the individual and the state, by ensuring that critical and most likely sensitive data remains less vulnerable to attack.

Know What Data Is Relevant

Many cloud computing compliance laws are aimed at regulating personal data, or data that contains vital and private information to the user it belongs to. What entirely constitutes “personal data” from a cloud computing standpoint is open to interpretation in some cases. Certain types of data that may or not be considered personal data when used in cloud computing are:

  • Fragmented Data: Information that is broken into parts via data fragmentation methods may not be entirely considered as personal data. However, if various parts of the data are reconnected together, personal information may be able to be obtained from it.
  • Encrypted Data: While data that has been encrypted is not always seen as personal data, encrypted data that can be decrypted via a key for use in a cloud application is often seen as personal data. It is vital that all personal data is encrypted using encryption standards that comply with the regulations of the specific territory.
  • Anonymised Data: Data that has been aggregated, had details removed or added may not be considered as personal data at first glance, yet with the ever advancing re-aggregating tools and methods available data controllers may be persuaded to view these data types as personal data, particularly when used in cloud computing environments.

Ensure That Your Data Is Secure

Ensuring the safety and security of all critical data is one of the most important tasks for any cloud computing service provider or user of cloud services. Data is the lifeblood of any organisation, and governs both its health and productivity, so protecting it makes perfect sense in general, and outweighs even compliance concerns. The are many factors to consider when selecting data protection software. Software that is reliable and has a proven track record of success is a must, and partnering with cloud service providers and vendors that take the compliance regulations of their and their clients territories seriously is key to ensuring that the compliance objectives of the organisation are met adequately. Attix5 has developed industry leading cloud data protection solutions to ensure the complete safety of all vital data, regardless of application or data type. By partnering with trusted cloud service providers in a variety of locations worldwide, organisations can rest assured that their cloud data remains protected while complying with the specific data laws of their locale. While the laws regarding IT security and cloud computing may differ in many different countries, with the proper knowledge, ensuring compliance needn’t be an overly complicated affair.

Rise in laptop sales leads to data protection worries

Reading, 6 April 2020 – An unwelcome repercussion of employees snapping up laptops for home working ahead of the coronavirus lockdown has been an even bigger spike in cyber-criminal activity.

Continue reading

O365 cyber attacks stress need for isolated backup

Reading, 17 December 2019 – Office 365 is a prime target for cyber criminals – and it’s not difficult to understand why when Microsoft announced this year that it has more than 180m active commercial users every month.

Continue reading

Redstor to showcase pioneering data management technology at Infosecurity

Reading, 26 July 2019 – Redstor, the UK-headquartered company disrupting the world of data management, is pushing ahead with aggressive expansion plans in the Netherlands.

Continue reading