Not all of us live in cloud cuckoo land and think storing valuable information in the cloud is safe. But knowing that our data is not necessarily safe is one thing; taking the correct course of action in this climate of increased cybersecurity risks and threats is quite another.
For this reason, the National Cyber Security Centre (NCSC), a part of GCHQ, was launched in October 2016 as the government’s response. It is the single point of contact for SMEs, larger organisations, Government agencies and departments, and provides world-class advice and consultancy services to a variety of Government and industry customers globally.
The NCSC has advised that, from a security perspective, using a cloud service provider which has made the ‘right security investments’ can give many benefits. It further noted in its report titled The cyber threat to UK business 2017-2018: “Only 40% of all data stored in the cloud is access secured, although the majority of companies report they are concerned about encryption and security of data in the cloud. As more organisations decide to move data to the cloud (including confidential or sensitive information) it will become a tempting target for a range of cyber criminals. They will take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored.”
Businesses relying on cloud security will need to develop compliance and governance frameworks to manage the range of cloud security duties that apply to them. The NCSC published its 14 Cloud Security Principles, which are intended to help businesses achieve this:
- Data in transit protection.
- Asset protection and resilience.
- Separation between users.
- Governance framework.
- Operational security.
- Personnel security.
- Secure development.
- Supply chain security.
- Secure user management.
- Identity and authentication.
- External interface protection.
- Secure service administration.
- Audit information for users.
- Secure use of the service.
The NCSC further explains the ways in which cloud buyers can determine and demonstrate compliance with the cloud security principles, such as, but not limited to:
- Cloud Service Provider assertion.
- Cloud Service Provider contractual commitment.
- Third-party certification.
- Independent testing.
It is always worth seeking advice if you’re not sure whether your valuable business information is safely stored on the cloud, and the NCSC is a great place to start. Of course, one of the safest forms of storing valuable information is not on the cloud, but via an encrypted digital pathway such as Dataguard eBox. I’d like to say it’s a down-to-earth product – it’s certainly anything other than in cloud cuckoo land.
Barrister – Intellectual Property & Licensing Specialist