{"id":88604,"date":"2023-03-29T11:45:00","date_gmt":"2023-03-29T11:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=88604"},"modified":"2023-03-29T11:45:00","modified_gmt":"2023-03-29T11:45:00","slug":"podcast-cloud-storage-data-protection-and-compliance","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88604","title":{"rendered":"Podcast: Cloud storage, data protection and compliance"},"content":{"rendered":"
<\/div>\n

In this podcast, we look at cloud storage and how to retain control of it from a compliance perspective<\/a>, with Mathieu Gorge, CEO of Vigitrust<\/a>.<\/p>\n

We talk about the difficulties that arise as a result of being able to easily initiate cloud storage instances. The likelihood is that customers can fail to keep track of where data is, who owns it, who has access to it, how it is protected and whether it is compliant. That risk is heightened by current geopolitical events, such as the Russian invasion of Ukraine<\/a> and resulting sanctions and responses.<\/p>\n

Gorge talks about how to get control of your data in cloud storage via means such as data classification<\/a> and use of helpful industry frameworks.<\/p>\n

Antony Adshead: What threats to legal and regulatory compliance does storing data in the cloud pose?<\/span><\/strong><\/p>\n

Mathieu Gorge:<\/strong> I think the first issue here is that we\u2019ve got more and more data in the cloud and less and less on-premise, and that makes sense from an operational and financial perspective.<\/p>\n

But from a contractual, legal and compliance perspective, it brings up a number of challenges. Where is the data? Who owns the data? How is it backed up? Is it actually backed up? Is it stored in a legal and compliant manner? Is it stored in the right place?<\/p>\n

We know right now with all the geopolitical risks that if you had data in Russia, with western assets being taken over by the government, you actually lose that data \u2013 even if you have a backup, the Russian government would have a copy of it. So, we\u2019re seeing more companies doing table-top exercises trying to understand where the data is, and what they would do if they needed to exit a country.<\/p>\n

The main challenge is that we need to understand how many cloud providers you have, can you trust them, do you have the right contracts with them? And do you actually know where your data resides?<\/p>\n

Unfortunately, most companies struggle with that. They don\u2019t necessarily understand their ecosystem. It\u2019s just so easy to start a new cloud system somewhere else, and that\u2019s why it\u2019s so popular. But the issue arising out of that is that you don\u2019t necessarily have control of the data that\u2019s in the cloud, you don\u2019t know if it\u2019s backed up the right way, and from a data protection and compliance perspective, that becomes a bit of a nightmare.<\/p>\n

Adshead: What are the implications of these threats for backup and data protection in particular?<\/strong><\/span><\/p>\n

Gorge:<\/strong> The implications are that you may lose some data, you may not be able to retrieve some data, or access some data, and\/or third parties that are not authorised may be able to access the data instead of you and copy it.<\/p>\n

So what you should bear in mind is that depending on where you reside<\/a> and depending on the type of data that you take, whether it\u2019s credit card data, protected health information or any type of PII, you have requirements under the law and various regulations to protect that data. You need to be able to, for example, say that you are in compliance with PCI<\/a>, HIPAA, or GDPR.<\/p>\n

The challenge with that is you can only do it if you know where your data is, and if you\u2019ve classified the data, mapped it out and specified who has access to it under what conditions.<\/p>\n

One of the good things about cloud is that it is reasonably well-monitored by regulators and various associations. So, for example, you\u2019ve got ENISA<\/a>, the European Network and Information Security Agency, which is really active on providing cloud protection guidelines; you\u2019ve got the Cloud Security Alliance<\/a>, which is very good with cloud security metrics and a good framework to start protecting your data in the cloud. Every year, they do an event at RSA called the Cloud Security Summit.<\/p>\n

Also, you have CNMC from the US government, which is for anyone dealing with data in the cloud for government. It\u2019s a good framework that allows you to map out your data storage, to classify the data and demonstrate that you have the right security and compliance levels.<\/p>\n

On balance, there\u2019s no shortage of help to manage data in the cloud and compliance. The challenge is really trying to map out the data, because it doesn\u2019t matter what framework you use or what technical solution you use. You need to know where the data is. There\u2019s so much data in the cloud \u2013 and data in the cloud that you\u2019re not aware of \u2013 and that\u2019s creating a gap in your security analysis.<\/p>\n

The advice would be to map out all of your providers, third parties and fourth parties, and making sure you check where your data is residing. That\u2019s really the key.<\/p>\n","protected":false},"excerpt":{"rendered":"

In this podcast, we look at cloud storage and how to retain control of it from a compliance perspective, with Mathieu Gorge, CEO of Vigitrust. We talk about the difficulties that arise as a result of being able to easily initiate cloud storage instances. The likelihood is that customers can fail to keep track of where […]<\/p>\n","protected":false},"author":1,"featured_media":88605,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-88604","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88604"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88604\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88605"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}