The benefits of adopting cloud technologies are numerous, and are widely reported and understood. However, cloud adoption is not without its risks, and companies embarking on a cloud journey need to understand all the jurisdictional and regulatory control issues.
Most countries will have data residency and sovereignty requirements in place, that insist that certain types of data at least must be stored in an area where the government can maintain legal jurisdiction over that data. "This translates to within its borders," says Richard Vester, Director of Cloud Services at EOH. "Take for example the European data protection laws, which prohibit personal data from being moved outside the EU's borders, and in some instances, outside a specific country's borders. The US too has applicable data protection laws and regulations specific to each of its states, and these regulations may vary widely."
He says that either way, all countries have laws, and there will be questions regarding privacy and compliance that need to be answered. "Firstly, businesses need to understand which data can be collected and where and how it can stored and transmitted. Following this, they need to understand which levels of security must be applied to that data, and what steps need to be followed in the event of a security incident."
These issues of jurisdiction and residency can prove a massive hindrance for businesses that want to store, process or backup their data to the cloud, as it's not an unlikely scenario that cloud providers have several locations around the globe in which they store, process and backup clients' data. "This is without factoring in multinational corporations that have multiple offices, in locations dotted around the world."
Protecting data is getting more and more difficult too, as cyber criminals become increasingly clever and cunning. "All new approaches to security are eventually met with an even more sophisticated attack from threat actors and criminals. Burgeoning regulatory challenges and the growing sophistication of attacks have seen executives investing in multiple security disciplines in order to mitigate the damage and protect their data," Vester says.
"Add to this the complex environment that trends such as bring-your-own-device (BYOD), mobility, cloud-computing and big data have brought, and it's a daunting task indeed."
He believes in order to stay ahead of these challenges, a solution is ensuring that all your data stored in the cloud is locally hosted, and confined within legal boundaries. "When choosing a cloud provider, make sure you understand which data centre your information will be stored in, and where it is."
In addition, make sure your cloud provider understands the issues and security implications, and has systems and technologies in place to protect your data. "One such solution is to make sure all data is encrypted at the source, before entering the cloud. If this is done, businesses can migrate their data to the cloud, while guaranteeing compliance with all sovereignty and residency requirements, as the information cannot be accessed by anyone without privilege," Vester explains.
"This sort of solution protects data as it is used and moved across the corporation, through the cloud, over mobile or handheld devices, and within big data environments. By doing this, data remains not only protected but private, irrespective of where moves, how it lives, or how it is used."
This approach to the securing data can be applied to any type of information, and deployed across multiple, disparate business systems. "Organisations need to understand the data lifecycle and how it travels among users, within the value chain and outside it, and across different IT systems and end-user devices. Information can no longer be contained within the traditional business boundaries, and must be protected as such."
Today's businesses need to withstand tremendous scrutiny regarding their data security, and must ensure they are up to scratch regarding security and compliance, or risk suffering an incident, and the resulting loss of confidence and potential fines, says Vester.
"Housing data locally, and protecting it at the source is the best way forward for businesses embarking on a cloud journey. Don't add residency issues to your data unless strictly necessary. The best defence is the best offence."
Share
EOH
EOH is one of the largest technology and knowledge services providers in South Africa and provides the technology, knowledge, skills and organizational ability critical to Africa's development and growth. EOH's 6 000 staff members deliver high value, end-to-end enterprise applications solutions, a wide range of outsourcing, network solutions, managed services and business service offerings to customers across all major industries.
EOH is the largest BEE implementer of enterprise applications constantly exceeding customer expectations.
EOH Cloud Services offers fully managed end-to-end, hybrid cloud infrastructure as well as national and global MPLS VPN solutions, voice, metro ethernet fibre and wireless access, data centre services and a range of Internet and last mile access solutions.
For more information visit: www.eohcloud.co.za
Editorial contacts