Security and compliance in the age of cloud-first working

Steve Whiter, Director, Appurity, explains why cloud-first working is officially here to stay.

While migrating to a cloud-first strategy has been the ultimate goal for many businesses and organisations for a number of years, it’s undeniable that the COVID-19 pandemic has expedited this shift. In fact, Forbes found that 73% of surveyed enterprises accelerated their move to the cloud due to widespread remote working brought on by the pandemic.

But supporting the shift to remote working is not the only factor businesses are considering when moving to the cloud. A Deloitte survey of more than 500 IT leaders and executives in 2020 found that data and security protection was the number one motivating force behind these surveyed companies’ decisions to start migrating their organisational operations to the cloud.

It is generally accepted that data held with cloud service providers (CSPs) is inherently more secure than data stored on-premise. And while the security provided by CSPs is high – with their built-in firewalls and a high degree of redundancy – adopting a completely cloud-centric way of working still comes with concerns and questions about privacy and security, especially where this relates to the use and handling of data.

It was once the case that businesses only needed to contend with their own internal policies surrounding data management. But in recent years there has been a seismic shift in how data is expected to be managed and handled, to the point where governments and political blocs introduced legislation, such as the EU’s GDPR, to ensure the highest levels of data security, invariably raising the stakes for any business that handles and stores data.

And it’s not just GDPR that businesses need to comply with. Various data management and protection requirements exist across a number of industries and localities: the Payment Card Industry Data Security Standard (PCI DSS) within the financial industry, the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare industry, and even the California Consumer Privacy Act (CCPA) – often described as the Californian GDPR.

In an age when many aspects of a business’s operations can be outsourced – IT, communications, even legal affairs – when it comes to compliance, the buck stops with the business in question. Failure to adhere to compliance regulations can mean severe and expensive penalties. In other words, any business leader’s nightmare.
