
Dawn of data protection regulations: Will you be a hero or a villain?

Matthias Yeo, Chief Technology Officer APAC at Blue Coat Systems | May 10, 2016

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

On movie screens across the globe, Iron Man battles Captain America in fear of reckless power left ungoverned. Just as Iron Man draws power from his suit, the cloud imbues organisations with remarkable power and flexibility. Yet, with great power comes great responsibility. Organisations must wield it effectively and protect users and their data, lest shadow IT creep up and hackers strike. Such risks have given birth to data protection regulations across Asia, from Singapore and Taiwan's PDPA to Hong Kong's PDPO.

The double-edged blade of cloud adoption

The exacting business landscape requires businesses to stay nimble, and cloud adoption in Asia is part of that strategy. Today, 72% of organisations have at least one application in the cloud or a portion of their computing infrastructure in the cloud, up from 61% in 2013. And why not? Cloud services like Salesforce, Google Drive, and Office 365 offer cost savings, scalability, resiliency, and accessibility.

But there is a dark side to the cloud. Organisations risk losing control. Unsanctioned use of SaaS can and will expose valuable or sensitive data to the wrong parties. Attackers no longer need to break through the layered defences deployed by organisations; they need only gain access to the cloud account. Like a tidal wave, large-scale, high-profile attacks and leaks have disclosed names, addresses, credit card numbers, and more to the world. Ransomware is a very real threat that has evolved to target cloud services.

The regulations are our safety checks, meant to ensure proper infrastructure and protocol. As an organisation, how do you stay the superhero and not just live long enough to become a villain?

1) Ensure data sovereignty

Information can be stored in the cloud, yet it doesn't really leave the organisation. It's the best of both worlds. How? Tokenisation and encryption. Tokenisation means that a representation of the data is kept in the cloud, but the real data is stored within the company premises. Correctly implemented, it has no impact on users or performance, and data sovereignty is maintained. The beauty is that it matters not where, or in how many data centres, the data is replicated: the actual, identifiable content of personal information, credit card numbers or other sensitive content has to be referenced back to the organisation.
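The tokenisation flow described above, as an added Python example (it is not from the article or from any product). The `TokenVault` class, the `to_cloud` and `from_cloud` helpers, the field names and the sample record are all assumptions constructed for illustration.

```python
import secrets

SENSITIVE_FIELDS = {"name", "card_number"}  # assumed policy: fields that must stay on premises

class TokenVault:
    """Hypothetical on-premises vault: the only place a token maps back to real data."""

    def __init__(self):
        self._token_for = {}   # (field, value) -> token
        self._value_for = {}   # token -> value

    def tokenise(self, field, value):
        key = (field, value)
        if key not in self._token_for:
            # The token is random, not derived from the value, so it cannot be
            # reversed or brute-forced by whoever holds the cloud copy.
            token = f"tok_{field}_{secrets.token_hex(16)}"
            self._token_for[key] = token
            self._value_for[token] = value
        # The same value always yields the same token, so equality searches still
        # work in the cloud application (at the cost of revealing equal values).
        return self._token_for[key]

    def detokenise(self, token):
        return self._value_for[token]  # KeyError for tokens this vault never issued

def to_cloud(record, vault):
    """Outbound: swap sensitive fields for tokens before the record leaves the premises."""
    return {k: vault.tokenise(k, v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}

def from_cloud(record, vault):
    """Inbound: restore real values for users inside the organisation."""
    return {k: vault.detokenise(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}

# Constructed sample record (the card number is a well-known test value).
SAMPLE_RECORD = {"customer_id": 1001, "name": "Alice Tan",
                 "card_number": "4111111111111111", "plan": "gold"}

if __name__ == "__main__":
    vault = TokenVault()
    cloud_copy = to_cloud(SAMPLE_RECORD, vault)
    print("stored in cloud:", cloud_copy)
    print("seen on premises:", from_cloud(cloud_copy, vault))
```

However many data centres replicate `cloud_copy`, the sensitive fields in it are only tokens; restoring them requires the vault held by the organisation.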

2) Ensure visibility

The Avengers can't protect the world blind. Similarly, you need to know exactly what cloud services your users are accessing. Proper visibility and policies are your first step to proactively safeguard against unauthorised usage and social engineering. Picture a scenario where a hacker tries to brute force a cloud account, or there are login attempts from multiple countries. With visibility, alerts would be easily triggered. Anomalous behaviour such as huge downloads, or attempts to encrypt a large number of files, could signify attempts to steal data or ransomware in progress.

 
