Rhys Macfarlane, Chief Security Officer, Luxury Escapes
Like many of my colleagues, I started my journey as a cloud skeptic and have over time moved over to become a believer. In the current time of data sensitivity and the new age of powerful regulations, such as the GDPR, I believe that embracing the cloud has become the smarter choice for the majority of companies. Based upon conversations with other security experts and from what I gather at forums, summits, and conferences, I am not alone in this belief. Security cloud supporters appear to be moving from being outcasts to the norm within the information security sphere.
The level of respect and care being given to data seems to be at the outset of a positive change. Following on from several high-profile incidents, there is a sudden awakening within the general population to the high value of their data and just what can happen when it is misused or used for purposes they were not aware of. The focus given to Cambridge Analytica is a prime example of this realization. This increase in public awareness has resulted in governments intervening to create guidelines, rules, and regulations to ensure the correct level of care and respect is given to data, especially personally identifiable information (PII). These regulations also come with extremely high levels of punishment, which we have recently seen play out in public for several high-profile companies.
This change in public desires regarding their data, combined with the new regulations, has brought secure data storage to the very forefront of business considerations. It has encouraged better data behavior and presented crippling outcomes for business failures, both of which have resulted in companies working hard to ensure the highest levels of protection. However, I should also note that I do believe that, in general, companies will want to engage in best practices for data protection and will act in good faith to take all appropriate steps, not just because of the introduction of a big stick to punish them if they do not.
Over time I have become a firm believer that cloud-based storage is the fastest way for companies to ensure they are compliant with all data regulations. I also believe that this will be the safest and most ethical way for companies to hold their data, aside from a few exemptions. Holding data on in-house servers requires a great expense to set up in a secure and compliant fashion; even the design and location of the building they are held in must be well planned out. Once set up, the company would need to maintain constant supervision and updating of their server setup to ensure they remain immune to the rapidly escalating cyber threat landscape and the ever-changing requirements of numerous relevant regulations. However, outsourcing this responsibility to one of the reputed cloud-based storage companies, AWS or Salesforce as an example, provides the company an easy and reliable way to ensure they are meeting the highest level of any regulation or threat.
Such companies become the trusted custodians of the data. Compliant and secure data storage is the core of their business, instead of a periphery like ours. This undoubtedly means that, on the whole, they will have more time, energy, and resources to give to this task than we could ever have in our companies. This removes the perpetual burden from us and will instead allow us to focus our energies and resources on the far more nuanced and individual security requirements of our companies.
During my time at Luxury Escapes, an e-commerce company and a very forward-leaning and proactive one when it comes to security, we have become an entirely cloud-based data company. I have seen firsthand the results of embracing this change for both business outcomes and security. It has freed us up to focus our efforts on other areas of security while ensuring that the absolute highest levels of protection are being given to our customers’ and team members’ data. It has also allowed us to instantly meet numerous data and security regulations with relative ease that would have otherwise taken significant time and energy to achieve.
I believe that this move toward outsourcing to cloud providers is an entirely natural step, and as outlined above, a positive one for security. However, even if it were not ideal from a security standpoint, the increased focus from company executives on data storage and the significant amount that can be saved by moving to a cloud provider mean that this change is a foregone conclusion. The move toward cloud is happening, or rather, to be more accurate, it has happened, so we in the security space need to get on board this train. There is no point in us standing out from the crowd beating our chests and insisting that in-house is the way to go. After all, our job is to protect the company in line with business directives and not to attempt to steer the entire direction of the company. Instead of resisting this change, we should spend our energy ensuring that the change is done in the most secure way possible and that we have set our companies up for maximum long-term success from the very outset.