Knowing where your data is has never been more important. A combination of the rising rate of cyber attacks on organisations, the changing political climate and the upcoming introduction of the European General Data Protection Regulation means that cybersecurity is a key focus for organisations. Last year the discovery of data breaches at Yahoo! highlighted the need to properly secure customer data, and made consumers far more aware of the potential for their details to be stolen online.
Organisations have a duty of care to ensure that the details of customers are stored securely. Part of this is also the need for organisations to know exactly what their critical data is and where it is, to ensure it is comprehensively protected from threats. This extends to data provenance and knowing the location of your customers’ data and the laws that must be adhered to. When applying geographical boundaries to digital assets, the physical location and the data centre the data resides in are of increasing importance.
In November last year, Amazon announced the opening of its data centres in the UK, which, for the first time, would allow UK businesses to store data locally on its AWS infrastructure. It was an important announcement, not only because of the popularity of Amazon’s cloud service, but because it would enable AWS customers to inform their clients of the provenance of their data with confidence.
It’s not just about compliance: companies and individuals are increasingly aware of the importance of data provenance. Where sensitive customer, client or partner data is kept, and by whom, is becoming a service differentiator for all verticals. As IoT and digital transformation progress, it will become more so.
It may be that data is perfectly safe held on a server in the US, for example, but UK consumers tend to feel safer if their data is kept in the UK. This is especially true of the public sector and the NHS, whose customers are citizens who need to be protected.
A good example of how data security and compliance can drive innovation and new business opportunities is London-based start-up Echo, one of the first users of Amazon’s new British data centres. The company has developed a smartphone app that takes much of the chore out of repeat prescriptions.
Users can manage their NHS prescriptions via their iPhone (and soon Android device) and have them delivered directly to their door. According to the company, the app can convert a doctor’s orders into alerts and reminders, helping patients to better manage their medications. It’s especially useful for those on repeat prescriptions, and the elderly and housebound.
It goes without saying that Echo has been given access to some of the most sensitive data in the country, and is NHS approved. Its data assurance will have to be top notch. While being an excellent example of how young digital entrepreneurs can help the overstretched NHS, and improve patient experience at the same time, its future success depends almost entirely on how the highly sensitive medical data it has been entrusted with is handled.
By using Amazon’s UK-based AWS servers, the NHS at least knows that patient data remains in the UK and is traceable. Its security is entrusted to Amazon’s own technology. This is a lesson for all of us. In a world of subcontracting and security as a service, the integrity of the cloud or service you use is important. Make sure you ask where your data is being stored, who by and with what.
Being able to tell your customers exactly where their data is stored is hugely important. In the uncertainty of a post-Brexit UK, full data provenance will be demanded by your clients. You need to be in a position to fulfil this with absolute certainty, or risk losing their business. And ahead of the EU’s General Data Protection legislation coming into force in 2018, businesses need to use this year to get their security in order, or risk hefty fines if breaches occur.
John Madelin is Chief Executive of RelianceACSN, with over 19 years’ Cyber experience in network security, managed security services and identity management. Prior to joining RelianceACSN, he has delivered consistent double-digit compound growth through a reputation for solid execution, most recently at Verizon EMEA, as well as at BT, where he led the business continuity, security, and governance practice in the UK.
A strong believer in true professionalism in the Industry, John also holds an FCCA as well as an MBA from Manchester Business School, was a member of the board of the Information Assurance Advisory Council and was instrumental in the development of the Institute of Information Security Professionals.