No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights

Cloud Computing & Cyber Liability Risk Management

by Eduard Goodman
February 18, 2016
in Uncategorized
cloud computing diminishes some risk, but be sure your data is fully secure

Cloud computing has completely revolutionized the way businesses handle data. No longer limited by their own hardware, companies can now take advantage of technology tools offered by providers around the world. This trend will only continue as more organizations transition storage and compute power to the cloud. According to analysts at Gartner, cloud services are predicted to grow to $244 billion by 2017.

With all the benefits the cloud has to offer, it is imperative that businesses develop the essential awareness and master the fundamental security capabilities required to safely and securely deploy cloud computing solutions. This is especially critical for functions—and even entire industries—with a high risk of data breach, such as payroll processing, human resources management, health care services and anything related to financial data, from consumer banking to payment card transactions to retirement fund distributions.

Different needs, different risks

The use of cloud computing was once relatively limited, revolving primarily around the storage of large or important data files and the need to have backup copies available in the event of a disaster. As cloud platforms continued to evolve, that all changed. Cloud computing now means not only the traditional storage-as-a-service, but also software-as-a-service and even infrastructure-as-a-service. Companies have transitioned entire software applications into the cloud, reducing their on-site footprint and making information and systems available to workers no matter their location.

Because the cloud means many different things in today’s connected environment, a careful evaluation of operational needs and practices will help determine where risks exist. A business must first identify the primary function it’s trying to move to the cloud, or where they may already be leveraging cloud-based resources. This will direct the team to the areas most vulnerable to exposure.

Storage-as-a-service and data-backup platforms are where many security and privacy risks often emerge. Whether it’s storing older information or just archiving data because the business doesn’t want to manage the servers itself, a set of risk parameters naturally exist anywhere potentially sensitive data is at rest. One positive about cloud data storage is that most providers offer highly effective safeguards, such as encryption. These features are often well-integrated, but businesses may not be leveraging the technologies to good advantage. For example, encryption tools are rarely applied by default. Cloud customers must usually opt in, meaning they need to not only deliberately utilize encryption, but also manage the encryption keys themselves. So while robust options to protect stored data are nearly always there, either available for a negligible additional fee or just for the effort of actually doing it, many entities never take the necessary steps to protect their cloud-based resources.

Slightly thornier issues exist on the managed-software side of cloud computing. Rather than simply storing data, more cloud platforms are allowing businesses to move away from the software and systems that have traditionally lived within their four walls to instead take advantage of powerful platforms in the cloud. Salesforce, WebEx and Microsoft Azure are just a few examples of cloud-based services. A multitude of data types are often managed by these platforms, ranging from attached spreadsheets and PDFs to entire databases that remain dynamic in the cloud.

One of the primary concerns with these platforms becomes delineation between the security measures and breach response protocols the vendor is responsible for and which remain under the purview of the customer. Few cloud software providers allow for negotiation of the contract terms and service-level agreements, leaving businesses to sift through detailed contract language to determine where obligations exist on both sides of the partnership and where security vulnerabilities may occur during the hand-off of data and compute power between users and the cloud provider.

Careful research makes all the difference

To ensure the appropriate safeguards are deployed around all instances of sensitive data, whether at rest or in transit, businesses must dedicate sufficient time and resources to conducting their due diligence. This exercise becomes even more important where hyper-specialized solutions may be in use, such as those that exist within the health care sector and other industries with very specific demands, needs and compliance mandates.

Everything from how the vendor is expected to respond to discovery requests to how notification occurs if the provider suspects a breach has occurred should be clearly stated in the service contract. A business considering a move to the cloud will also want to determine how their provider will respond to requests from law enforcement, regulators and third parties (Is an applicable subpoena, warrant or similar measure required?).

Cloud customers should also inquire about where the provider’s servers are located, as some regions – such as Europe – may treat data access differently than others, potentially creating a regulatory or liability issue for a multinational. Of course, these are in addition to the due diligence any cloud user should conduct around the security measures and privacy protocols the vendor deploys.

With a clear understanding of how cloud resources are to be leveraged within your own enterprise and what role the provider will play in bolstering security protections, a business will be well equipped to address potential weaknesses across its cloud footprint, as well as to mitigate its risk of running afoul of differing data protection obligations and its risk of a data breach.


Tags: Board Risk OversightCommunications Management
Previous Post

True Leadership Faces a Serious Moral Problem

Next Post

PwC Audit Committee Excellence Series – Managing Third-Party Risks

Eduard Goodman

Eduard Goodman

Feb 18 - Eduard Goodman headshot (264x400)Eduard Goodman is the Chief Privacy Officer of IDT911. An internationally trained attorney and privacy expert, Eduard has more than a decade of experience in privacy law, fraud and identity management. He is a member of the state bar of Arizona, where he sits on the Technology Committee and served as the 2015-2016 section chairman of the bar’s Internet, E-Commerce & Technology Law practice section. Eduard is a Certified Information Privacy Professional (CIPP), covering designations for the U.S., Canada and European Union.

Related Posts

risk tunnel

From Regulation to Volume, There Is No Light at the End of the Data Privacy Tunnel

by Jim DeLoach
March 15, 2023

Data proliferation and data privacy regulatory activity across the globe have created the need for focused boardroom discussions. An underpinning...

shifting sands risk

Shifting Sands: Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape

by Jim DeLoach
February 22, 2023

The global risk landscape has rarely been more unsettled over the past half-century than it is right now, and a...

board tech purchase

Directors: Don’t Approve a Tech Purchase Without Asking These Questions

by Jean Hill
January 25, 2023

Board directors don’t need to be able to fix a broken server, but they do need basic technology competence, which...

frayed_white

New Year, Same ESG Challenges: Overstretched Boards Face Barrage of Global Regulation

by Helle Bank Jorgensen
January 25, 2023

Global economic uncertainty notwithstanding, 2023 is certain to bring a host of emerging risks for board directors to navigate. One...

Next Post
PwC Audit Committee Excellence Series – Managing Third-Party Risks

PwC Audit Committee Excellence Series - Managing Third-Party Risks

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT