{"id":93507,"date":"2023-06-21T07:05:00","date_gmt":"2023-06-21T07:05:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=93507"},"modified":"2023-06-21T07:05:00","modified_gmt":"2023-06-21T07:05:00","slug":"podcast-cloud-security-compliance-and-data-classification","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=93507","title":{"rendered":"Podcast: Cloud security, compliance and data classification"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/06\/podcast-cloud-security-compliance-and-data-classification.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>In this podcast, we look at <a href=\"https:\/\/www.computerweekly.com\/resources\/Data-protection-regulations-and-compliance\">cloud storage compliance<\/a> and security, with a particular eye on data residency and auditing your data, with Mathieu Gorge, CEO of&nbsp;<a href=\"http:\/\/vigitrust.com\/\">Vigitrust<\/a>.<\/p>\n<p>We talk about the rise of the cloud and the tendency towards data holdings in <a href=\"https:\/\/www.computerweekly.com\/feature\/Cloud-storage-Key-storage-specifications\">cloud storage<\/a> to proliferate, especially with the ability of departments across the enterprise to spark up cloud services with a credit card.<\/p>\n<p>Gorge also talks about the rise of increased geo-political risk and the ever-present need to mitigate against it, especially by means of data classification and cloud auditing.<\/p>\n<p><span><strong>Antony Adshead: What is changing about the cloud and its adoption that affects compliance?<\/strong><\/span><\/p>\n<p><span><strong>Mathieu Gorge:<\/strong><\/span> Cloud has been around for 20 to 25 years, and we\u2019ve spent a lot of time talking about the difference between public, private and hybrid cloud, but in the past few years, we\u2019ve seen some new security frameworks come in to help manage the cloud.<\/p>\n<p>The Cloud Security Alliance publishes some very good 
work there and some frameworks you can use. There is also <a href=\"https:\/\/www.techtarget.com\/searchcio\/tip\/The-5-CMMC-levels-and-how-to-achieve-compliance\">CMMC [Cybersecurity Maturity Model Certification]<\/a> in the US and <a href=\"https:\/\/www.enisa.europa.eu\/topics\/cybersecurity-policy\/nis-directive-new\">guidance from ENISA in Europe<\/a>.<\/p>\n<p>One of the key changes we\u2019re seeing is managing contracts with your cloud provider, and what the contracts should be about. The issue comes originally from that idea of managing the data supply chain and the lifecycle of the data.<\/p>\n<hr>\n<p>So, you create some data and it ends up in the cloud. Where is that cloud located? What jurisdiction is it under? What kind of regulation applies, whether it\u2019s <a href=\"https:\/\/www.computerweekly.com\/podcast\/Podcast-2022-compliance-preview-GDPR-goes-global\">GDPR [General Data Protection Regulation], CCPA [California Consumer Privacy Act]<\/a> or maybe an industry standard like PCI or whatever?<\/p>\n<p>What we\u2019re seeing is that organisations have a main issue right now that, whereas in the past, to set up data in the cloud you needed to go through IT, now it\u2019s more or less self-service. So, any department in your organisation can use a credit card and start some sort of new cloud recipient, so to speak.<\/p>\n<p>This bypasses security and compliance, and definitely creates a nightmare for compliance, storage, backup and generic security.<\/p>\n<p>That\u2019s one of the things we\u2019re seeing right now. 
Cloud providers are basically saying, \u2018We\u2019re going to help you manage the data that you entrust us with for you to be able to comply with all those regulations\u2019.<\/p>\n<p>So, we\u2019re seeing cloud providers being a bit more proactive, we\u2019re seeing MSPs [managed service providers] and MSSPs [managed security service providers] working with cloud providers and integrating security with cloud to make it easier for organisations to manage data.<\/p>\n<p><span><strong>Adshead: What impacts on storage, and backup in particular, do these changes imply for enterprises?<\/strong><\/span><\/p>\n<p><span><strong>Gorge:<\/strong><\/span> Once again, we need to go back to the basics that you cannot protect data if you don\u2019t know you have the data, and if you don\u2019t know <a href=\"https:\/\/www.computerweekly.com\/feature\/Cloud-storage-data-residency-How-to-achieve-compliance\">where that data is<\/a> or who has access to it.<\/p>\n<p>It\u2019s all well and good to transfer some of the operational risk around data to a cloud provider because they are better equipped to do that, but ultimately the risk remains with you.<\/p>\n<p>What you need to do is look at the contracts, to make sure you understand the SLA [service-level agreement] to get your data back, but you also need to look at the <a href=\"https:\/\/www.computerweekly.com\/podcast\/Podcast-2023-compliance-and-storage-outlook\">geo-political risks<\/a> at the moment.<\/p>\n<p>Perhaps you have some data in a country that is no longer stable. We\u2019ve seen the issue with Russia and Ukraine. We\u2019ve seen a lot of western organisations losing data and information in Russia. 
Even though you might have a backup, the issue is that the Russian government can look at your data.<\/p>\n<p>It would be advisable for everyone to map out all the different cloud providers they have worldwide, to understand whether they need a table-top exercise on how to exit the country from a cloud perspective and then transfer the data and erase it, as much as is legally possible, from those countries you are exiting.<\/p>\n<p>Contracts are key, understanding what type of data needs to go into what cloud. And also, understanding the security requirements, but also the security features that come from the cloud provider for each type of data. A lot of mapping and <a href=\"https:\/\/www.computerweekly.com\/feature\/Data-classification-What-it-is-and-why-you-need-it\">data classification<\/a>, and of course security, is a journey, not a destination, so it all needs to be done on an ongoing basis.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this podcast, we look at cloud storage compliance and security, with a particular eye on data residency and auditing your data, with Mathieu Gorge, CEO of&nbsp;Vigitrust. 
We talk about the rise of the cloud and the tendency towards data holdings in cloud storage to proliferate, especially with the ability of departments across the enterprise [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":93508,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-93507","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/93507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=93507"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/93507\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/93508"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=93507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=93507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=93507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}