Data Security and the Journey to the Cloud

Cybersecurity teams are facing fresh challenges as businesses walk the path of digital transformation

A disgruntled employee uploads customer data to a third-party platform, triggering the public naming and shaming of your company. A cache of regulated data is left unencrypted on an open server, creating a prime target for a cyberattack.

While nightmare scenarios like these are enough to keep data privacy and cybersecurity executives up at night, unfortunately, such events are increasingly common.

Considering high levels of public interest in data privacy and the rapid acceleration of digital transformation roadmaps for enterprises, strong data governance frameworks, and effective cybersecurity are essential.

Our survey of 125 data privacy, security, and governance executives on behalf of data access and governance technology company Okera, shows that companies are putting more of their data into the cloud as they walk the path to digital transformation.

In fact, 72% already have moved at least half of their organization’s data to the cloud. This has many benefits, such as the ability to conduct analytics at speed, rapidly scaling artificial intelligence and machine learning initiatives, and reducing capital expenditure on hardware.

However, it also creates new challenges, like how to ensure data security at a fine-grained level and how best to manage the thorny question of data access and control – especially by third parties.

 “New innovations have completely changed our organizational structure and what we thought IT security would be. It’s a new world – everything’s moving to the cloud”

Rick Doten VP, Information Security at Centene Corporation and CISO at Carolina Complete Health

Accelerating Cloud Transformation Roadmaps

Before the global pandemic, digital transformation was already underway for many enterprise companies. However, the disruption it caused changed mindsets and accelerated roadmaps.

As the pandemic required organizations to rapidly pivot to remote work and expand their digital infrastructure, the conventional ‘walled garden’ approach to network security was replaced by borderless networks.

“The explosion of remote working has created borderless networking in a way that we have never seen,” says Equifax BISO Michael Owens. “Services that were done in-house are now being moved to the cloud. That’s redefining what traditional network boundaries look like.”

At the same time, our research shows that companies are moving more data to the cloud and buying more cloud-based services. This means businesses are more reliant on third parties to assure both their data security and the data privacy of their customers.

“The move to the cloud means companies are relying more and more on third parties, which extends and increases the number of external entities that are involved in every supply chain,” says Owens.

Meeting Data Residency Requirements

This increased reliance on third parties complicates requirements when it comes to where data is stored, where it is backed up, and who has access to it. Depending on how regulated the industry is, this could have significant ramifications on compliance.

“If you’re using a cloud-based provider or solution, you have to look at a variety of key aspects including what data will be involved and its classification,” says David Levine, VP of Corporate and Information Security and CSO at information management and digital services company Ricoh USA, Inc.

Asking these questions helps security and privacy-focused executives to determine how much risk is involved and informs the appropriate decisions about where data should reside.

Levine continues: “If the data and backup are in the US, that’s one thing, but if the data, backups, or users are in Europe, that will likely have significant implications.”

The accelerated transition to the cloud has presented security and privacy-focused executives with new challenges. Business leaders must consider where data is, how well it’s protected and how it is accessed to keep up with fast-evolving data privacy regulations.

As digital transformation initiatives progress and more sensitive data is uploaded to the cloud, secure access and control of all data will become an ever more pressing priority.

“The move to the cloud means companies are relying more and more on third parties, which extends and increases the number of external entities that are involved in every supply chain”

Michael Owens, BISO, Equifax

This is an excerpt from our Intersection of Data Privacy and Cybersecurity 2021 research. To read the report in full, click here now to get your copy.