Latest:

Thursday, 21 April 2016

Risking privacy: How to keep your Data safe in the Cloud?

Edward Snowden, computer professional and NSA whistle-blower, warned people to stay away from internet services such as Google, Dropbox and Facebook if they care about their privacy. More recently, he stated that if you want some privacy, don't use Dropbox. His revelations have shaken governments, global businesses, and technology vendors, spurring the debate on information privacy and why it matters.

Just this week, it was revealed that the Government Communications Headquarters in the UK had spied on confidential documents between certain lawyers and clients. The lawyer-client relationship is protected by strict rules and this latest development has troubling implications for the whole justice system and clearly violates an age-old principle of English law set down in the 16th Century.

The right to privacy

Snowden is no stranger to controversy. As the person responsible for propelling privacy and data-security concerns in the cloud into the public domain, it is no surprise that he is addressing the issues that many people and businesses worry about: is personal data and information safe in the hands of social media and sharing platforms?

Individuals have a right to privacy. This is a basic human right, and as such, is enshrined by legislation all over the world. This makes it all the more alarming that some government bodies disregard this and position their need to access data as a necessary evil. The main issue that Snowden raises is the concern that some applications and vendors are hostile to privacy, allowing access to anyone. Governments on the other hand, are concerned about encrypted applications ‘going dark,' acting as a space where people who have something to hide can go about their business.

While some tech companies conclude that for consumers it's a ‘trade-off' between usability, convenience, and security, one must note that this is more than just an issue for consumers, it is a much bigger issue that has a huge impact on enterprises. IT analyst firm Ovum found that 89% of those using file sync and share applications at work are using at least one consumer product. Recent research by Workshare also revealed that 80 percent of employees access work documents on the move and, three quarters are using free file sharing services without IT's authorization. These sharing behaviors uncover a serious weakness in an organization's data security policies, which is exposing corporate documents and data, leaving enterprises vulnerable to commercial and reputational risk.

Businesses can and will be impacted by the policies that are being adopted by the government if they continue to use these consumer-grade applications to share and access business data. In this environment, CIOs need to consider IT security and risk management best practices, while keeping an eye on making sure they don't degrade the usability of applications as they apply more encryption or control.

As the need to share and collaborate with others becomes more prevalent in the workplace, so will the need to enable and secure this collaboration. Employees will generally use whatever allows them to do their work easily, especially if this demand is placed on them by their clients, and even if that means using an unsecured way to work.


Cloud-security concerns

Historically, organizations were concerned with the security of data in the cloud, and these latest comments from Snowden will no doubt bring these concerns back to the forefront of the cloud-adoption debate. Faced with the upcoming EU directive to protect personal data in the cloud, where a data breach can result in fines of up to 5 percent of annual revenues or 100 million Euros, IT groups must review their current applications and data protection processes to ensure they are keeping data secure.

Their biggest concern now is to ensure that employees are using secure methods to share corporate documents and data, and to maintain control and visibility over how and where their data is stored in the cloud. Employees no longer need to be restricted to their desk in order to get their work done and can be more productive if enabled by IT groups to work remotely or on mobile devices. If IT groups do not provide them with secure means to do so, as the research found, they will often find their own ways to share – putting corporate data at risk.


Protecting data in the cloud

Therefore, a successful IT strategy to protecting corporate data in the cloud must balance the needs of employees with control over data. IT holds the role of the ‘data guardian' and it is their responsibility to minimize the risk that corporate data is exposed to. So any applications used by employees needs to have the security and control that the IT department requires, with the same ease-of-use as the consumer-grade applications employees have been using. This can be achieved by introducing enterprise-grade file sharing and collaboration applications that integrate into their workflow, and provide the level of security needed by regulated sectors.

The next thing to consider when securing data in the cloud is where it is actually stored. Security-conscious organizations must adopt solutions that offer a comprehensive range of deployment options. With a hybrid-cloud deployment option, organizations can choose a specific data center and jurisdiction under which to store their data. For extra security, organizations should consider vendors that allow them to store their data in their own data center, behind their own firewall.

Snowden's recent comments have catapulted security back into the enterprise cloud adoption debate. However instead of being intimidated by these risks, organizations should use this increased awareness as an opportunity to adopt solutions and processes that address these risks head on. By implementing enterprise-grade applications, they can make a concerted push towards securing data in the cloud, while enriching the working practices of their employees.

In the meantime, only governments are in a position to set the international standard for information sharing that can strike the balance between privacy and security. They can achieve this by working together and with tech companies, to address the confusing patchwork of international laws and develop an international agreement that is transparent, fair and comprehensive, resolving the conflict between security and the user's right to privacy.


Article by Rishibha Tuteja
Last minute Blogger, fangirl by profession. A Bibliophile by heart,Tech–Enthusiast by choice.
She breathes dreams like air and can be reached at https://twitter.com/BibliophileRish

Post a Comment

 
Back To Top
Copyright © 2016    ReviewMantra |  Terms of use  |  Privacy

Protected by Copyscape