The rapid adoption and popularity of cloud and SaaS applications such as Microsoft Office 365 have introduced a better way to collaborate and share data, providing businesses with improvements in efficiency and lowered IT costs. SaaS and cloud computing are changing the paradigm for how we work.
As you move to the cloud, you also introduce some risk to your organisation. As data moves between individuals and collaborators, between endpoints and across the globe, new security requirements are necessary to keep your data safe and to keep your business compliant.
Data Sovereignty Concerns are Global
Questions of data ownership, individual privacy and data residency have moved to the forefront both for IT and governments around the world. Although data sovereignty and data residency regulations are set by the government, responsibility for meeting those regulations falls on both the organisation and the vendor selling within a given country.
Tips for Maintaining Compliance
So how do you maintain data compliance and data security as you move to hybrid or cloud environments? Firstly, by recognising that data compliance for cloud and SaaS applications requires consensus and participation between IT and all departments that are now using the SaaS or cloud apps. IT is still responsible for the data, but may no longer own the application. This is a shift from the role of IT and software in an on-premise environment.
So where do you start? Here are some common-sense guidelines to help prepare your organisation for a move to the cloud in a way that meets compliance guidelines for data sovereignty and data residency in your part of the world.
1. Understand your country’s rules and regulations regarding data sovereignty and data residency. Currently these laws are evolving to catch up with technology. It’s in your company’s best interest to ensure you are compliant with the most recent policies and regulations.
2. Review your vendor’s security and privacy policies. Prepare questions regarding treatment of data and data movement with regard to data sovereignty and data residency. It’s your responsibility to vet your vendors on their adherence to your country’s data sovereignty and personal privacy regulations.
3. Obtain documentation from the vendor detailing their security features, certifications and protocols. Ensure their security mechanisms address cloud solutions.
4. Back up your data. When moving any data to a SaaS solution or to the cloud, ensure that your data is safe and protected in the cloud, just as your data was protected when on premise: back it up. Configuration errors, ransomware and malware threats, alongside accidental deletion, are real issues to prepare for and protect against. Ensure the companies you evaluate to back up your data meet your country’s data sovereignty principles.