News

Cloud computing compliance across borders

Tue, 09/02/2016 - 09:19
Cloud Services

Cloud computing compliance regulations. Hard to completely define in every circumstance? Probably. Important to understand and comply with? Absolutely. Many may utter a collective sigh at the mention of compliancy laws regarding data use and protection. Exasperated by the vast amount of ambiguous regulations and statutes attached to online computing, many in the IT security arena may be tempted to liken the whole procedure to a game where the rules are continually changing and the participant can never truly win. Yet despite the seemingly fluid nature of many compliancy laws, the fact the protection of personal information is a human rights issue cannot be ignored and any measures put in place to ensure the safety of personal information should never be taken lightly. It is critical for cloud computing service providers and users of cloud based applications to best protect their most valuable asset: the critical data on which their livelihood often depends. Here are some of the key aspects to take into consideration.

Know Where Your Data Is stored

Many countries regulate the transfer and storage of data to within specific territories and localities. The EU Data Protection Directive (DPD) for example, limits the storage of certain data types to countries within the European Union, and prohibits the transfer of that data across borders to other territories. This is to ensure the safety of both the individual and the state, by ensuring that critical and most likely sensitive data remains less vulnerable to attack.

Know What Data Is Relevant

Many cloud computing compliance laws are aimed at regulating personal data, or data that contains vital and private information to the user it belongs to. What entirely constitutes “personal data” from a cloud computing standpoint is open to interpretation in some cases. Certain types of data that may or not be considered personal data when used in cloud computing are:

  • Fragmented Data: Information that is broken into parts via data fragmentation methods may not be entirely considered as personal data. However, if various parts of the data are reconnected together, personal information may be able to be obtained from it.
  • Encrypted Data: While data that has been encrypted is not always seen as personal data, encrypted data that can be decrypted via a key for use in a cloud application is often seen as personal data. It is vital that all personal data is encrypted using encryption standards that comply with the regulations of the specific territory.
  • Anonymised Data: Data that has been aggregated, had details removed or added may not be considered as personal data at first glance, yet with the ever advancing re-aggregating tools and methods available data controllers may be persuaded to view these data types as personal data, particularly when used in cloud computing environments.

Ensure That Your Data Is Secure

Ensuring the safety and security of all critical data is one of the most important tasks for any cloud computing service provider or user of cloud services. Data is the lifeblood of any organisation, and governs both its health and productivity, so protecting it makes perfect sense in general, and outweighs even compliance concerns. The are many factors to consider when selecting data protection software. Software that is reliable and has a proven track record of success is a must, and partnering with cloud service providers and vendors that take the compliance regulations of their and their clients territories seriously is key to ensuring that the compliance objectives of the organisation are met adequately. Attix5 has developed industry leading cloud data protection solutions to ensure the complete safety of all vital data, regardless of application or data type. By partnering with trusted cloud service providers in a variety of locations worldwide, organisations can rest assured that their cloud data remains protected while complying with the specific data laws of their locale. While the laws regarding IT security and cloud computing may differ in many different countries, with the proper knowledge, ensuring compliance needn’t be an overly complicated affair.

Recent Articles

Redstor-DR_or_reduced_downtime_blog Disaster Recovery

Disaster Recovery or Reduced Downtime?

Disaster recovery (DR) has historically been out of reach to some organisations. The need for expensive equipment or services outweighed the... read more

June 19, 2018
Redstor_UK Data Breaches_blog Data Protection

Data Breaches In The Public Sector

Data breaches are an expensive problem and are about to become even more costly. The introduction of the GDPR will make them more expensive,... read more

June 14, 2018
Redstor-_Why_great_support_is_vital_blog Disaster Recovery

Why Great Support Is Vital To IT Strategy

An organisation’s IT strategy must deal with many aspects, from ensuring users have a seamless experience to protecting against the threats of... read more

June 12, 2018