As jurisdictional and regulatory controls tighten, questions about where data is stored and how it is protected are being raised.
According to Jayson O'Reilly, director for sales and innovation at security solutions vendor DRS, different countries have different laws about data sovereignty. Some insist that certain types of data are kept where the government will have legal jurisdiction over it, which usually means within its borders.
"Questions of privacy and compliance must be answered," says O'Reilly. "Companies need to know which information can be collected, and where and how it can be stored and transmitted. Importantly, they must also know which security controls must be in place, and how to react should a data breach occur."
For O'Reilly, these issues can restrict businesses interested in the cloud because cloud providers often store, process or back up data across several global locations. Data residency issues are a concern for large enterprises with offices around the world, which consequently fall under more than one jurisdiction, he explains.
He points out that adopting cloud computing can be an issue for hosted messaging and other services that require vast personal information storage. "Protecting data is an increasingly difficult job," O'Reilly notes. "It is becoming more time-consuming and costly, particularly when you consider that cyber criminals are coming up with increasingly cunning ways to bypass security controls."
Most new approaches to data protection are met with an even smarter attack from cyber criminals, he adds. "The increasing sophistication of attacks, combined with the tighter and stricter regulatory environment, is seeing CIOs spending fortunes on multiple security tools and systems to protect their businesses," he adds.
"The question really is how do companies stay compliant when bearing in mind the plethora of rules and regulations, as well as trends such as BYOD and big data, which are increasing the complexity of the problem?"
O'Reilly believes one way of doing this is through obfuscating the data at the source, before the data even enters the cloud.
"By doing this, companies can move their data into the cloud, while remaining compliant, as the data cannot be accessed by the wrong people. Encrypting data at the source means it can be moved across the network, over mobile and wireless devices, and through the enterprise, all while remaining private and protected."
Share