Achieving Data Security Compliance in the Cloud

As individuals, we go through life and share information about ourselves in all aspects of our daily lives. From credit checks to secure a loan, to entire personal and family medical histories to secure health insurance. Without providing personal data, many services would be inaccessible to the average person – but in our modern online world, we are more aware than ever of where our data goes, who has access, and whether it will be shared with third parties.

When we disclose our personal information to legitimate organizations, they become the ‘data processor’ and its data security focus will be governed by industry-specific standards. Individuals can certainly be encouraged to play their part, for example by blocking suspicious contacts, installing antivirus software on a personal computer or using biometric security. However, for genuine transactions, the responsibility for protecting our personal data lies with the custodian authorities.

Unfortunately, hackers are finding more and more creative ways to break firewalls, and scammers continue to prey on the vulnerable, or those who are instantly taken ‘off-guard’, to gain access to the most valuable information. In fact, according to GIACT’s recent report, identity theft in the United States increased by 45% in 2020 compared to 2019, at a cost of $ 712.4 billion, and over 2.4 million Americans were hit by fake IRS representatives!

Industry-specific compliance with data security

In the United States, not a single data protection law exists, as data protection laws are a combination of both federal and state statutes that address specific sectors. The good news is that in May 2021, the US President signed a decree on improving the nation’s cyber security to help strengthen data protection and modernize cyber security defenses.

Of course, simply because of the nature of their business and the type of data they handle, certain industries will already be security and compliance centered and comply with robust data security compliance rules. Industry examples include:

  • Health care and life sciences: an industry that processes and handles possibly the most sensitive and confidential personal information. It focuses on the ability to safely and securely integrate applications used by healthcare providers, insurance providers, patients, and their caregivers. In addition, data security is key when you consider that medical records storage policies in some states require storage for up to 30 years.

The rules include: Act on transfer and liability for health insurance (HIPAA), HIPAA safety rule, General Data Protection Regulation (GDPR, applies to US organizations that store or process personal data about EU citizens)

  • Finance: an industry that is completely dependent on digital platforms and therefore is a primary target for cybercriminals. It is focused on protecting customer assets as well as personally identifiable information (PII) against malicious activity, especially as online transactions now dominate the financial market.

The rules include: Gramm Leach Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), Payment Card Industry Data Security Standard (PCI-DSS)

  • Telecommunications: this is an industry where organizations are expected to be highly technology savvy, where global interconnection and digital infrastructures are at the core of the company’s activities. The core focus is to protect network highways and communication systems, while protecting large amounts of PII due to its subscription-based format.

The rules include: Telephone Consumer Protection Act (TCPA), Computer Fraud and Abuse Act, Electronic Communications Privacy Act

  • The insurance sector: With a unique combination of financial and personally identifiable data, including medical IDs and social security numbers, the insurance industry is an obvious target for fraudsters. Data security and maintaining customer trust and loyalty are paramount to the survival of an insurance organization.

The rules include: NAIC Insurance Data Security Model Law, NYDFS Cybersecurity Regulation, and GLBA, HIPAA

How Cloud holds the key

The latest ISC2 2020 Cloud Security Report found that 34% of cybersecurity professionals say that the risk of data security, loss or leakage deters cloud adoption in their organization. In relation to the question “Will my data be secure in the cloud?”, 62% of respondents invested in cloud-native security technology along with employee certification to keep up with ever-changing security requirements.

With the big data explosion, migrating to the cloud – public, private or hybrid – is almost inevitable. With more data expected to be generated in the next three years than in the entire last three decades combined, cloud technology will be all-encompassing. Therefore, as organizations recognize cloud technology benefits for scalability, increased agility, and reduced TCO, the ability to put your trust in cloud security is also crucial.

In the same ISC2 report, 78% of respondents believe that they or their teams are not equipped to operate in cloud environments. And this is where reputable cloud providers with the necessary skills and expertise can solve cloud data security issues:

  • Deep technical know-how: even when companies have established internal IT resources, these departments manage many aspects of the business, but not necessarily cloud cybersecurity experts. Leading cloud providers are developing large teams of highly qualified professionals whose sole focus is to protect data in the cloud. They are at the forefront of dynamic and fast-moving cloud security tools and services, can recommend and implement tougher security measures, and deliver an unmatched level of expertise.

  • Risk mitigation strategies: a cloud provider will not only incorporate the very latest in cloud security technology, for example AWS Security Hub, but also leverage game-changing automation and AI. The ability to detect threats before a breach occurs and automatically initiate the next troubleshooting steps provides the highest level of security. For example, implementation of Amazon GuardDuty and Amazon Detective.

  • Compliance with industry regulations: when new industry regulations are issued, or existing ones are updated, you need to be confident that your systems comply. Cloud providers, with relevant industry compliance certification, can ensure that customers’ systems meet strict data security standards, such as AWS Healthcare Competency Partners.

  • Real-time monitoring: Incorporating sophisticated cloud data and analytics services will provide reporting and auditing functionality. Business insights into potential vulnerabilities are identified and prioritized, helping to create the most efficient, robust and secure infrastructures.

Bottom line: data security in the cloud is achieved with a multi-layered approach. Cloud providers implement the most advanced cloud security services, freeing CTOs and CIOs to focus on improving internal data security awareness, training, and data access policies. This collaborative approach to maximizing data security helps break down the barrier of cloud adoption and build trust in the powerful cloud security technology available today.

By Kelly Dyer

William

Leave a Reply

Your email address will not be published. Required fields are marked *