Cloud data storage offers the promise of a cybersecurity safe haven and business continuity when companies, like those in Harvey’s path, are faced with flooded offices and no power for local servers, cybersecurity professionals and cloud computing company officials told Bloomberg BNA.
Harvey, once a Category 4 hurricane, has wreaked havoc on the Houston metropolitan area, the fifth largest in the U.S., and is moving north through Louisiana. Disaster analyst Chuck Watson projected Harvey’s overall damage will cost as much as $75 billion, Bloomberg News reported. Halliburton Co., Phillips 66 Co., and Waste Management Inc. are all based in and have significant operations in Houston, according to Bloomberg data.
The devastation caused by Harvey serves as a stark warning to companies that collect and store customer, employee, and other sensitive personal data. These businesses should seriously consider storing such information in the cloud in the future if they haven’t already, cybersecurity pros said.
Companies “of all sizes” should have a “cloud-based migration plan” in place to maintain data security, “readiness, response, and resiliency,” Peter Tran, general manager and senior director in the Worldwide Advanced Cyber Defense Practice at RSA Security in Boston, told Bloomberg BNA. Having a cloud-based backup plan “removes physical geographic dependencies,” because the data can be safely housed on servers far away from threats, he said.
If a “data center in downtown Houston” fails, or if on-premise data storage is compromised, companies will still be able to reach their sensitive data to get back up and running, James F. Peters, vice president of technology for Quasar Data Center in Houston, told Bloomberg BNA. “Reputable cloud providers” will build their data centers “to sustain these types of disasters,” he said.
Companies may be hesitant to release control of highly sensitive data to a cloud provider, but many third-party services offer greater cybersecurity and faster response times in the event of a crisis, cybersecurity pros said.
John Suit, chief technology officer at data security solutions company Trivalent in Annapolis, Md., told Bloomberg BNA that larger cloud providers generally offer their services globally and nationally, such as Microsoft Corp.'s Azure and Amazon.com Inc.'s AWS. Data kept by large-scale providers can be moved and accessed across the U.S., away from natural disaster-prone areas, he said.
But even local providers may be up to the task of safeguarding data if they have multiple locations and fail-safe plans in case a storm strikes.
Peters said that if Quasar’s downtown Houston data center were compromised, the company has a backup location in Dallas that could handle its customers’ data. Many cloud providers, regardless of size, have “fail-over systems,” much like Quasar’s Dallas data center, that would show little to no impact to clients who use the service.
As a last resort, cloud providers should also allow companies to access the data in facilities in case of large-scale network outages, Peters said. Companies should be able to go to a data center and “physically copy over stored data on a hard drive or other device” for business continuity purposes, he said.
Some companies considering the cloud as a way to ensure the security of data during a disaster may hesitate because they want to ensure they can control their regulatory obligations. Those concerns can be addressed by exercising due diligence on possible cloud service providers.
Some industries fall under federal and state regulations that may require increased data protection and security protocols for information stored in the cloud. Often, cloud providers will offer separate services for regulated industries to help ease compliance burdens, cybersecurity pros said.
All industry-specific “regulations must first be met for data handling” before deciding on a cloud provider, “based on the business’s need,” Suit said. Major cloud providers, such as Amazon Web Services and Microsoft’s Azure, know the needs for most regulated industries and will “work with the business to ensure regulatory compliance, while keeping the data available,” he said.
Companies, especially in the health-care and financial services sectors, must remain cognizant of their obligations when moving data to the cloud, Peters said. For example, the Health Insurance Portability and Accountability Act and the Payment Card Industry Data Security Standard require “various certifications” and enhanced data security standards when data is stored in the cloud, he said.
Before picking a cloud provider, companies should make sure there is a compliance officer on staff who has knowledge of relevant regulations and laws, Peters said.
To contact the reporter on this story: Daniel R. Stoller in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.