How secure is secure?Published: Friday, 15 May 2015 12:11 by David Hetling, Marketing Manager, IS Solutions Plc
Data, data, everywhere
The web is alive with facts and figures about how much more data there is this week than last week – or last year – or last decade. Suffice to say, the momentum behind data growth is not slowing down – neither is it likely to any time soon.
Once you get into the nitty-gritty of data collection though, sooner or later the question has to be answered – what are we going to do with all this data? Specifically, how can we commercialize it to derive business value and, perhaps most importantly, how can we protect it to make sure that it doesn’t get into the wrong hands? This second consideration is of paramount importance – there have been too many reports in recent years of catastrophic data breaches resulting in loss of goodwill towards the data owner and immeasurable damage to the brand. These intangibles are just the start too – compliance risks abound, particularly in heavily regulated industries like finance, utilities, healthcare and pharmaceuticals.
Stick to what you’re best at
The value of the data is directly related, of course, to the ability of your business to make sense of it. Data value touches people throughout the organization too – placed in the hands of business users across the enterprise it has the power to streamline internal processes, transform customer relationships and drive both cost savings and improved revenue for the business to reap rewards through increased profitability.
The secret to deriving value from data is by placing it quickly, and in a digestible form, in the hands of the people that really understand how to use it. The cost of that movement of data to the right places at the right time though can be measured partly in terms of what it’s stopping your IT department from doing. When they could be working on innovative projects that enhance the effectiveness of the business, they may instead be engaged in projects to manage your data, secure your IT estate and deliver systems compliance. When that’s the case, perhaps the heavy lifting of data management and big data processing should be pushed out to the cloud?
Cloud first, second, third…
Moving your data to the cloud, particularly into a Software-as-a-Service (SaaS) environment, makes it ready for use. Actionable data, within a business-ready application, empowers your users to accelerate the use of that data and capitalize on the narrow window of opportunity during which the data is most valuable.
Reticence remains though around cloud migration; industry regulation causes compliance headaches, while there is an ever-present need to reassure enterprises on their journey to the cloud that security need not be an issue if you choose your managed service provider carefully.
ISO, PCI, SOC et al
Even a cursory investigation into cloud options will throw up a raft of security Three Letter Acronyms. The ISO27001 standard for Information Security Management helps organizations to keep information assets secure and is the very least that should be expected if you are entrusting your data to a third party. Likewise, the Payment Card Industry Data Security Standard (PCI DSS) is the benchmark for any organization handling credit and debit card data and covers the prevention and detection of security incidents. The Service Organization Control (SOC) framework has been developed by the American Institute of Certified Public Accountants (AICPA) and details a service provider’s non-financial reporting controls in key cloud areas like security, availability, confidentiality and privacy.
There are many more standards besides these but the key principle is that organizations achieving such standards have had to demonstrate by audit that they have in place a very robust and rigorous process, with supporting documentation and systems, for the management of any personally identifiable information (PII) and sensitive corporate data. This is a good indicator of trustworthiness, reliability and the overall seriousness with which accredited providers take their security responsibilities.
Back to the data
Celebrus is all about the data – collecting actionable data is its raison d’être and it is trusted by organizations all over the world not just to collect the best digital customer data but to enable it to be made available exactly when it’s needed.
Celebrus is cloud-ready too. Not only is it agnostic about whether your deployment is on-premise or cloud-based, but it also provides complete client control over all aspects of data management – this includes curbs on the data collected, including the total avoidance of sensitive data like payment card details if necessary, but also restricting when and to where data is loaded.
Moreover, Celebrus’ recent acquisition by IS Solutions has opened it to new opportunities in the delivery of securely-hosted, fully-managed, flexible cloud services. IS Solutions is both ISO27001 and PCI DSS certified and is working with global clients and partners in the collection, analysis and management of very large quantities of customer data.
These clients are in multiple industries and, interestingly, some of the sectors that you might believe are averse to cloud deployments are, in our experience, among the most active in terms of their cloud investigations. This is reinforced by research released recently by the Cloud Security Alliance that shows cloud adoption on the rise in the finance sector for instance. Clearly, ways are being found around this perceived restraint, including full private cloud solutions and hybrid options like remote managed services into an on-premise environment.
So don’t worry about the data collection and put your mind at rest about the ISOs and PCIs of storing it in the cloud – with Celebrus and IS Solutions those are covered. Just focus on the business value that you can drive through your enterprise by taking action on the most granular individual digital data available.