Keeping company data private and secure while operating in the cloud is the question that has been increasingly one of the primary concerns for organizations, especially since the pandemic has made us all work from home a lot, often with less than secure systems.
What is data privacy and data security?
Most articles written about data privacy and data security are all about the risk that the new technologies might pose. Those terms are sometimes used interchangeably. But are they really the same?
First, let’s talk about data security. There is a difference between data protection and data security. Data protection consists of the strategies and processes that we use to ensure the privacy and integrity of data.
Each company needs to have a data protection strategy in order to make sure that data is collected, handled and stored in a certain way which prevents foul play. The purpose of a data protection strategy is ensuring that data loss, theft and corruption does not happen. Also, this strategy needs to ensure there is a damage control plan: if the disaster happens how do you proceed in order to minimize loss and damage.
On the other hand, data privacy refers to the way the data has to be collected with considerations for sensitivity and importance. The concept of data privacy is mostly used when referring to personal health info and personally identifiable information (financial info, medical records, social security number, contact info).
The importance of data privacy resides in how you store and work with the sensitive information that your organization needs to handle, be it customer, shareholder or employee info.
Data privacy is what makes sure that all the sensitive data is only accessible to approved users only. The data privacy strategy needs to ensure that important data is also protected from malicious attacks, and that the organization is meeting all regulatory requirements.
Also worth taking into consideration is the fact that data privacy is enforced by data protection regulations, so you need to be careful with following them in order to avoid monetary fines.
We are tempted to assume that Data Protection and Data Privacy are one and the same but one addresses policies and the other mechanisms.
Data privacy handles who has access to data while data protection has applied those restrictions as a target.
Do breaches happen all that often?
Sadly, the answer is yes. A lot more often than we would like to admit in all honesty. Last year only there have been a number of data breaches that lead to considerable losses.
According to the Enduring from Home: COVID-19’s Impact on Business Security report by Malwarebytes up to 20% of last year’s data breaches were determined by remote workers.
However, it is not only working remotely on the mass scale that lead to multiple data breaches.
One of the worst data leaks of last year was due to a misconfigured database, which led to the social media data of nearly 235 million users from some of the most popular social media sites (Instagram, TikTok and YouTube) being exposed.
Kids’ games are also not safe. A security breach in an online game led to 46 million records being leaked. The weak point was the internal communication system from which a secret key was retrieved which allowed access to the company’s user database. The leaked data were then published on a forum.
A report issued by IBM and the Ponemon Institute Cost of a Data Breach report 2020, for which 3200 IT and security professionals working for 524 organizations in 17 countries and regions were interviewed, the global average cost of a data breach reached $3.86 million/breach in 2020.
What to do to ensure your cloud is secure?
Encryption is fundamental when talking about data privacy. And we are not only talking about at-rest encryption but also in-transit one as well. This is why you need to make sure you are using a great tool to encrypt your data.
One great option you can go with is having a Domino server. Your server is one critical resource to secure. A Domino server helps you with this endeavour as it has the option of specifying which users and servers have access to the server and restrict activities on the server — for example, you can restrict who can create new replicas and use pass-through connections.
One thing to keep in mind if you set up servers for Internet/Intranet access is setting up SSL and name-and-password authentication to secure network data transmitted over the network and to authenticate servers and clients.
Cloud platforms are convenient for companies because you get flexible storage space without having to invest in hardware and IT staff to manage it. The thing to take into consideration is that you need to make sure that data is properly encrypted. Also, if you know you handle sensitive data, whether your own or your customers’ you will also need to analyze if you want that data held into a public cloud or maybe opt for a private cloud, which is a more secure option.
Just because your data is not on-prem, or even more so because your data is not on your own servers you need to make sure that you use a service which offers you the level of data privacy both needed and legislated.
The way your cloud infrastructure looks is highly influenced by what you keep in it. If you use cloud just as a storing space for documents you will have a pretty straightforward approach.
If you have a SaaS in the cloud you will need different layers of security, be it encryption, passwords, allow lists, deny lists, anti-viruses and so on. In that case, an out of the box solution might not be effective enough, so you will need the help of experts to guide you through the process and ensure that you are doing what needs to be done to ensure your data is protected.
The third pillar of a secure cloud environment is Access. A recent 2020 Verizon Data Breach Investigations Report, points out that up to 60% of data breaches happen due to privilege abuse. So knowing who can access and what is key in making sure that your data is handled in a secure way.
The strength of the passwords your employees use is also of significant importance. Make sure that all the passwords that are used are as secure as possible and take into consideration using 2-factor authentication.
When it comes to monitoring there are providers who choose to use a third party solution. Some companies, like Prominic.NET for instance, opt for developing monitoring tools in-house.
All put together
All the steps listed above are sound basics to get started with in keeping your data private and secure. At the end of the day though, the most important thing to remember is that there isn’t one ready solution for every company’s needs and existing tech. That means you need to rely on internal security experts in evaluating cloud solutions. In absence of those, you will need to either make sure that the cloud provider you choose actually specializes in hosting the specific tech you have or need, or you will need to hire a third-party expert to guide you through the evaluation and / or implementation process.
Here at Prominic we pride ourselves on following all the best practices for ensuring data privacy in the cloud.
We are not only Domino experts, thus being able to provide you one of the most secure platforms there is, but we ensure that your data is where you want it to be at all times.
When it comes to secure infrastructure, Prominic.NET has our very own enterprise-grade data centers in the USA. Our geographical location in Southern IL allows us to provide our customers protection from some of the weather, climate, and seismic events that regularly affect both US coasts.
The partnership we have with Equinix also means that if you want your data stored in a EU based data center we can accommodate that for you as well.
The most important thing is that you need to know where your data resides and if it is being mined in any way, and whether your cloud provider is your competitor through their many global investments.
Prominic only does one thing: hosting. We have prided ourselves on meeting our customers’ needs through different technology stacks while respecting their right to data ownership and privacy.
If you have any questions regarding your data security needs, we’re happy to help.