With more and more data being transferred from a business’ data centre to the cloud, the idea of companies not knowing where in the world the physical hardware of the cloud solution lies is proving to be a huge risk to both companies and their clients.
The UK has strict rules on how data should be appropriately processed, but the current attitude toward these rules is causing serious concerns for the Information Commissioner’s Office (ICO).
The UK data protection watchdog believes that many businesses do not realise that they’re still held accountable for the data even after handing it over to a cloud provider.
ICO technology policy advisor, Dr Simon Rice, highlighted the rules on outsourcing: “As a business, you are responsible for keeping your data safe. You can outsource some of the processing of that data, as happens with cloud computing, but how that data is used and protected remains your responsibility.”
The ICO has published a set of guidelines for companies migrating data into the cloud in the hope of clarifying the situation.
Here’s a breakdown of their top tips:
- Businesses should review any personal data they process and prioritise what should and should not be moved into the cloud.
- Organisations are also strongly recommended to inform end users about any processing arrangements made as well as ensure that their cloud provider has implemented the appropriate technical security for such information.
- Whilst it is advised to inspect the premises of the cloud supplier, the ICO stated that it is “unlikely that a cloud provider would be willing to permit each of its prospective and current customers to enter its premises to carry out an audit,” resulting in the use of an independent third-party audit. (With UKFast you can arrange a tour of our data centre facilities where we will be happy to explain how your data is stored and secured.)
- The watchdog stated that the encryption of data in transit and possibly “at rest” is a significant factor, especially when processing sensitive personal data.