Without a doubt, cloud storage empowers enterprises by allowing them to increase the speed, convenience and productivity they need in order to rapidly advance in today’s competitive business world. But, in the process of switching to a cloud vendor, an enterprise also relinquishes full control of its data sets, both its own and that of its customers. This poses enormous challenges for modern enterprises in terms of cyber security, confidentiality and regulatory compliance, as the loss of sensitive data can be disastrous for a company’s financial stability, brand reputation and business continuity.
“The shift to cloud computing has essentially extended the boundaries of the traditional computer processing environment to include multiple service providers,” Deloitte & Touche LLP director, Khalid Wasti, says. “This brings a complex set of risks to an organization’s data as it travels through the cloud.” Rather than an entire IT infrastructure being managed in-house, which is easier to secure, data is now being passed back and forth via multiple high-demand networks.
Fortunately, it does not have to be a case of choosing one or the other, between traditional and secure data storage or rapid, potentially insecure cloud systems. You can enjoy the economies of scale, flexibility and efficiency offered by the cloud and manage the threat landscape in order to secure your data effectively. The key to this is auditing and reporting. You need to know exactly where your data resides and whether it is fully compliant with your industry’s laws and regulations. An audit is typically a review of a third party vendor’s policies, procedures and technical solutions to ensure that it is currently protected and will continue to be secure in the future.
Even though a vendor may be storing your data, you are still the data controller and need to cover the technical, policy and usage aspects of all data handling to maximise security and meet compliance. This is covered in the UK Data Protection Act, a legal requirement for all enterprises. Auditing and reporting feed into this as it will allow you to monitor the security and compliance of your data solutions in real time and on an ongoing basis. This should not be a singular process, but something that improves and evolves over time.
An internal audit should cover aspects such as infrastructure security, identity and access management, in addition to data management. Data loss is just one of many cloud security threats capable of causing disasters and long-lasting damage. These threats include denial of service, insecure interfaces and APIs, and account hijacking. As a data controller, you need to verify whether security patches are rolled out in a quick and timely manner, consider how authorisation and access models will integrate with new cloud systems, and whether the complexity of cloud data storage may compromise data retention. You may also want to talk with a cloud provider about the ability to perform penetration tests on systems where your data resides.
Cloud vendors are now building security auditing and reporting into their products to help businesses to secure data and navigate the threat landscape on a daily basis. Microsoft can work with you to employ an effective risk management model. The vendor ensures the cloud service they provide meets the security, privacy and compliance that dovetails with your business goals and objectives, while also offering access to the tools, controls and advice so that you can configure and implement a robust security system which is tailored to your specific needs.
Microsoft Dynamics 365 provides extensive online auditing functionality with a centralised log and other invaluable reporting features. Dynamics 365 uses role-based, record-based and field-level security to help you define a robust and detailed system for determining who has access to your company’s data. The ERP product not only ensures that each user only has access to the information they need for their roles, reducing the risk of insider threats, but also supports data sharing for collaboration so that employees can still work together for the benefit of your business. This model combines all the benefits that a cloud system can offer, with a laser-like focus on cyber security and precise attention to detail. Dynamics 365 also has audit logs to increase transparency by providing a complete overview of every interaction with your data sets. It allows you to see who accessed the system and when, what they updated and whether they deleted any records. This information can all be used to inform your auditing security compliance and reporting processes.
The cloud is transforming nearly every facet of modern business, and you can embrace all of its benefits while creating a culture centred around security with extensive auditing and reporting activities. In a world linked by the cloud, it’s finally possible to stay connected while still staying secure.
(9)
Article Link: http://digitalforensicsmagazine.com/blogs/?p=2312