Cloudy with a Chance of Regulation: Satisfying Audit and Compliance Concerns around Cloud Providers
What can organisations do to have unbreakable confidence in their ability to control access to information, while still keeping it secure and compliant?
20 May 2015
As the need for collaboration grows, threats become more prevalent and regulatory requirements more varied, and the concerns and risks around information security and data privacy for organizations increase.
In our last interview podcast with Risky Business, we talked about the threat of Shadow IT and the security challenges presented by unsanctioned file sharing services in the enterprise. Recently, we met with Patrick Gray of Risky Business for the second time to discuss the growing concerns around data security, privacy and compliance in the cloud and how to best protect the enterprise from risk. You can listen to the podcast below.
The Data Privacy Debate
You might remember the big privacy debate in the news some time ago, when the U.S. federal court asked Microsoft to hand over information that was hosted in Ireland. Microsoft was adamant about keeping this information private, arguing that the data was outside the jurisdiction of the warrant, but the U.S. court disagreed, and as you can imagine, a legal battle soon followed. While that legal battle is still under way today, it has raised some interesting questions around data jurisdiction and privacy, including: Do I know where my business data is hosted? Who has access to my information? What are the jurisdictional and compliance issues associated with this?
In the Financial Services sector in particular, regulatory requirements and examinations around data storage are very strict (think CCAR). This is most recently evidenced by the rollback of a multimillion-dollar implementation of Salesforce.com by the Bank of Queensland in Australia. Reacting to increased focus from the Australian Prudential Regulation Authority (APRA) on the nature of cloud service provision, the bank cited “operational and regulatory requirements” as a reason for the rollback. In fact, financial service regulators around the world are homing in on the use of cloud services across the board, which raises the question of what can be done.
What can organisations do to take their providers out from the middle of the fight and have unbreakable confidence in their ability to control access to said information, while still keeping it secure and compliant? In the case of our own solutions, the Intralinks platform is designed with security and compliance in mind to alleviate the concerns that organizations encounter around meeting audit and compliance requirements. For even greater control over your information, you can consider a solution like customer-managed encryption keys (CMK).
If you want to learn more about data sovereignty issues, secure document sharing, and key management, listen to the podcast with Risky Business above.
Hope you enjoy it. And as always, stay tuned to our blog for more data privacy and security best practices in the enterprise.
Daren Glenister is the Field CTO for Intralinks. In his role, he acts as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements, helping to steer Intralinks’ product road map and the evolving secure collaboration market. Daren brings over 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many of the Fortune 1000 companies to help turn business challenges into real-world solutions.