New Global Standards for Cloud Security
April 12, 2018
As of May, the requirements of cloud security will be getting an overhaul. The General Data Protection Regulation (GDPR) will introduce tighter security protocols for many businesses not just in the EU, but around the world. You are mistaken if you think that the GDPR is only going to affect European companies and organizations.
Appnovation, a global IT company, understands the GDPR’s reach when they state "Put simply, this is something which will [affect] every organization that processes EU citizens’ data, whether processed within or outside Europe." This bombshell that’s about to drop on the digital security and data world is going to change the cloud and hold companies accountable for how they process sensitive data on it.
Failure to adhere to these policy changes will result in hefty fines to your business. So, if you hold extensive data on the cloud, you’ll want to know how it’s going to change in accommodation for the GDPR. Read below to understand how and why it will change cloud security.
GDPR, Privacy, and Global Safeguards
Any company that processes the data of citizens in the EU will be subject to GDPR security protocols. Changes in these protocols mean that if you sell goods or process any data inside the EU – even if your location is outside of the EU – these new changes will affect you. Starting May 25th, 2018, companies obtaining, processing, and storing EU citizen data will have to:
● Gain expressed consent from a customer before receiving their data.
● Notify customers of a data breach within 72 hours of becoming aware of it.
● Appoint a Data Protection Officer, who will ensure all data processing methods abide by the GDPR policies.
These are just a few of the stated requirements. Companies found not in adherence to the GDPR will likely face sanctions and/or be fined €20 million, or 4 percent of their global revenue – whichever ends up being the more considerable amount. Fines aside, customer privacy should be a top priority for any company, especially when processing data in the cloud. The GDPR is changing policies and standards to ensure that companies that don’t yet treat it as one will.
Identity theft is the bane of the data processing world, so one condition that may be under the GDPR is that companies use innovative forms of encryption when processing, storing and moving their customer data on the cloud. Anonymization and pseudonymization both protect a citizen’s data. However, they do it differently and for different purposes. This table from Protegrity might better explain the two:
In this table, the names of four people are either converted into pseudonyms – or tokens – or anonymized. Each token can be looked up (in a protected corresponding table) to reference a person’s name in the case that the person needs to be identified. However, with anonymization, there is no way of determining a person by their name – it all looks the same, so the data cannot identify a particular person.
We can see some problems here, however. If we look at Clyde, we can immediately identify the pattern of his token and identify him by qOerd. The same thing can happen with Marco and Les, in which you can immediately identify them by their token or pseudonym. Anonymized data solves this, as everyone is identified by xxxxx, but it can still be analyzed to find specific patterns and predictability to identify a person. Each may have its faults, but as these forms get perfected, they will become less and less vulnerable.
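The difference between the two approaches, as an added example that is not from the original article or from Protegrity: a small token vault that issues random tokens carrying no pattern from the name, next to irreversible anonymization. The `TokenVault` class, the function names and the purchase values are assumptions made for illustration; an in-memory dict stands in for the protected lookup table.

```python
import secrets

MASK = "xxxxx"  # fixed anonymization value, matching the article's "xxxxx"

class TokenVault:
    """Pseudonymization with random tokens; the vault plays the protected lookup table."""

    def __init__(self, token_bytes=8):
        self._token_bytes = token_bytes
        self._by_name = {}   # name -> token
        self._by_token = {}  # token -> name

    def tokenize(self, name):
        # Reuse an existing token so one person's records still link together.
        if name in self._by_name:
            return self._by_name[name]
        # Draw from a CSPRNG: the token has fixed length and shares no
        # characters, length or ordering with the name it replaces.
        token = secrets.token_hex(self._token_bytes)
        while token in self._by_token:  # retry on the (unlikely) collision
            token = secrets.token_hex(self._token_bytes)
        self._by_name[name] = token
        self._by_token[token] = name
        return token

    def detokenize(self, token):
        # Re-identification is possible only for a holder of the vault.
        return self._by_token[token]

def pseudonymize(records, vault):
    return [{**r, "name": vault.tokenize(r["name"])} for r in records]

def anonymize(records):
    # Irreversible: every name collapses to the same value, no table is kept.
    return [{**r, "name": MASK} for r in records]

# Constructed sample records (names taken from the article, purchases invented).
RECORDS = [
    {"name": "Clyde", "purchase": "laptop"},
    {"name": "Marco", "purchase": "phone"},
    {"name": "Les", "purchase": "tablet"},
    {"name": "Clyde", "purchase": "monitor"},
]

if __name__ == "__main__":
    vault = TokenVault()
    for row in pseudonymize(RECORDS, vault) + anonymize(RECORDS):
        print(row)
```

The untouched purchase column is the kind of residual pattern that, as noted above, can still be analyzed even after the names are masked.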
Password protection will always be a standard in any digital security landscape, as it is the front line of access to your data. Especially when storing your data in the cloud, it is up to you to make sure you have a secure password, whether you are an individual or a company processing individual data. Otherwise, you might as well just invite cybercriminals to take a look at your personal information.
Panda Security stresses the importance of choosing a secure password: "Recently, researchers found an Equifax portal guarding access to 14,000 personal records being secured by the password ‘admin/admin.’" This is a very easy password for cyber attackers to guess, letting them gain insight into 14,000 people’s records and carry out identity theft and credit card fraud. Make sure you and the company you choose for your cloud services understand the importance of a secure password.
Cybersecurity, the cloud, and any industry that handles massive data are going to be transformed this coming May. The GDPR is bringing new, elevated standards to the way businesses treat sensitive information on the cloud. It’s wise for you to make sure you’re in adherence with the GDPR to keep up with some of the new changes in the cloud’s security landscape mentioned above.
About the Author
Avery Phillips is a unicorn of a human being who loves all things relating to people and their entrepreneurial spirits. Comment down below or tweet her @a_taylorian.