Keep Calm and Carry On (in the Cloud) – Know the Risks

April 07, 2015

The sun may be shining over London, but one cloud still looms…

Okay, that may be somewhat dramatic, but there are interesting challenges that the exponential rise in cloud adoption presents for businesses, cyber security and data privacy compliance.

It is easy to understand business motivations for cloud adoption: business agility, global mobility, flexibility and minimal expense all provide good reading for any organisation. However, it is equally important for businesses and individuals to understand their role in fulfilling legal compliance and ensuring the security of data they process.

Anyone using the cloud should ask (and answer) key questions including: Who has access to my data? Where is my data travelling to and where is it stored? Do I have full control over who has rights to the data? And, does a move to the cloud put me at risk of failing to comply with the Data Protection Act?

In the summer of 2014, a new ISO cloud standard (ISO/IEC 27018) was published, providing an opportunity for organisations of all sizes to have a set of guidelines which take into consideration the regulatory requirements expected of those processing personal information. The ability to independently audit and certify an organisation against a set of agreed standards is an important step forward for cloud security. It is important as well for PwC, who are often required to play a central role in ensuring organisations have the best platform possible to stay compliant and safe.

A recent survey carried out by the Information Commissioner’s Office showed that 46% of individuals did not realise that information hosted on cloud servers has the potential to be stored anywhere in the world. Cloud solutions may have been widely adopted, but discussions and education to improve the knowledge of those using such solutions are lagging.

The challenge, which still remains, is not only to embed these standardised policies, but also to inform users effectively and articulate the issues and risks associated with cloud adoption. Our recently released Privacy and Security Enforcement Tracker really brings home how many organisations have been caught out as a result of gaps in the basic levels of awareness and education required to achieve compliance. Our Privacy and Data Protection practice aims to lead the field in this regard, bringing the very best of our professional services knowledge and expertise to bear, educating all levels of business on the subject area whilst empowering decision makers with the confidence to navigate the complex privacy quagmire in advance of the EU Data Regulation changes on the horizon.