Where Your Sensitive Data Is Stored Matters
From online banking to a personal email inbox, it seems everything is moving to the cloud these days. But, contrary to popular belief, the cloud isn’t something “up there” in the blue. Instead, clouds are hosted on real physical servers located somewhere here on Earth. And knowing where and how your cloud service is set up is paramount to protecting sensitive data and maintaining regulatory compliance.
Accessibility remains a primary advantage of working on the cloud. Instead of maintaining expensive on-premise service, you gain access to a massive network of on-demand servers. This means that, theoretically, using APIs and other software, cloud servers allow you to share your company’s workload across multiple servers – taking stress off your IT infrastructure and allowing remote access to information.
Think of the cloud like an information bank. When you store your data on-premise, it’s like storing valuables at home – not unsafe if you take the time and effort to update, deploy and maintain your security perimeter. But moving your data to the cloud is like making a deposit into a bank – where your information is stored in an ‘account’ alongside others, and from which it may be withdrawn upon request.
But compliance is a consideration when moving to the cloud
Depending on what kind of data you have and what part of the world your data is being collected from, there are different rules and regulations which must be considered. For example, if your data is collected from an EU country subject to the General Data Protection Regulation (GDPR), you need to ensure that your data is stored in a region which does not compromise the integrity of the data in terms of GDPR compliance – this includes any touchpoints during transit.
When moving to the cloud, you want to make sure you cover all your privacy bases before committing, and submitting data, to a cloud provider. The GDPR, for example, outlines strict guidelines on how companies must handle data belonging to EU residents and clearly states whether the transfer or disclosure of personal data is allowed. And punishments for violating the GDPR are steep – and can be as much as 20 million Euros or up to four per cent of an organization’s global annual turnover.
In addition to worrying about data privacy protection, an organization needs to consider the actual physical locations where their cloud provider is hosting their data. Are cloud provider servers hosted in multiple locations? Are there environmental risks, such as fault lines or hurricane zones, to examine? Are there recovery plans for damaged or lost data? These are just some questions to consider.
Thinking of moving your PGP to the cloud? Here’s what you need to know.