February 10th, 2017 AI Insight
The common misconception about the Cloud is that it’s not a safe data storage solution. At Automated Intelligence, we know that the reality couldn’t be more different. In our experience, Cloud investment (from Microsoft and other providers) is extensive. Security around Cloud platforms like Microsoft Office 365 and Azure now eclipses most legacy or on-premise approaches.
The Government Digital Service (GDS) has now endorsed this opinion. They recently published guidance, for UK Public sector organisations, that states it is “possible for public sector organisations to safely put highly personal and sensitive data into the public cloud.”
This means Public Sector organisations have official backing from the UK Government to begin building Cloud-based information strategies. This will come as a huge relief to many authorities who have felt resistance to adopting Cloud technology before now.
So, what does this guidance mean in reality? Let’s break it down:
Addressing key steps that organisations should be aware of before adopting a Cloud platform, the guide includes advice on:
While giving the thumbs-up to Cloud, the guide also makes clear that organisations have a responsibility to ensure their data is managed appropriately. It states; “Well-executed use of public cloud services will be appropriate for the vast majority of government information and services. However, each organisation needs to make their own risk-based decision for their specific systems or data.”
The advice from GDS states that the same risk management rules apply to Cloud as on premise systems. This means that responsibility is shared between Cloud services vendors and the organisations. Steps should be taken by the organisation to understand how this responsibility is shared, and where appropriate, layer security controls on top of the ones already in place.
The guide refers specifically to legal requirements such as the Data Protection Act and the EU Data Protection Directive. Both must be considered when adopting Cloud services. Organisations should also be aware that GDPR comes into force on 25th May 2018. This legislation will be in place to help govern to processing of information on EU citizens. Organisations unsure of their responsibilities under these requirements are advised to:
We have a range of solutions designed for organisations to transfer data safely and cost effectively to the Cloud. While at the same time meeting the requirement to securely manage the life-cycle of data while in the Cloud. Get in touch to help better understand your responsibilities.