The document discusses the importance of GDPR compliance for organizations using cloud services, revealing that a significant majority of IT professionals store sensitive data in public clouds. It outlines necessary steps for compliance, including data protection audits, ownership of encryption keys, and strict access controls, while emphasizing that basic security measures are insufficient. The document highlights how failure to comply with GDPR can result in high fines, urging businesses to involve all departments and collaborate with specialized service providers for effective compliance.

1. Is your cloud GDPR compliant?
25th
May 2018, Friday is nothing less scary for many as Friday the 13th
. Well, at least for
those who are struggling to meet the compliance requirements of GDPR.
It was revealed in the RSA Conference 2018 that 97 percent of worldwide IT professionals are using
some type of cloud service. It further revealed that more than 80% organizations store sensitive data on
public cloud. Right from customer information, information about IPs, network pass cards, personal staff
data and more – all of it is available on the cloud. Organizations trust their cloud service providers and
are unlikely to decrease their cloud investment in the years to come. Malware and other security
concerns continue to mar the adoption of cloud but if a cloud service provider follows some of industry’s
best practices, it is unlikely that they will have a dire situation as far as cloud security is concerned.
https://cdn.pixabay.com/photo/2018/02/11/23/45/cloud-3147119_960_720.png
If cloud service providers follow DevOps and DevSecOps can help reduce the data breaches and improve
code quality. Automation is also known to reduce the exploits and vulnerabilities. With a single platform
to manage multiple cloud services can help reduce the complexity of managing security.
It looks like that just encryption and authentication are not enough to control data breaches. These are
just basic security practices that are inadequate to protect workloads. As we are already aware that EU
has taken a huge step to enforce data protection. The General Data Protection Agreement (GDPR) is
EU’s move in the direction. On 25th
May 2018, GDPR tenet will become effective and will give the right
to an individual to protect his/her data.

2. GDPR is expected to adversely affect public cloud service providers and teams dealing in enterprise
compliance in that region. Every business must meet a threshold requirement to be GDPR compliant. If
anyone breaches GDPR requirements, the fine is quite high (in Euros of course). There are many
companies that provide services across the globe and they must meet the requirements of GDPR as well.
For example, AWS and Google, major public cloud service providers, are taking some serious action to
meet the GDPR requirements. But unfortunately, the use of compliant cloud service will alone not
suffice.
The basic requirement of GDPR is for organizations that initiate the personal data collection or are cloud
environment operators should be able to provide proof that data is protected at all stages that is while it
is in transit or processed or stored.
Key steps to ensure GDPR compliance
• Perform a thorough data protection audit and ensure that the primary cloud provider using on-
premises or other applications are compliant to the need of GDPR
• You must own the encryption keys for data sets that your business owns. Even backup encryption
requires you to review the compliance report from your software vendor, if necessary
• Apply all possible encryption and authentication standards to all the personal data of users that you
might be dealing with. Most of the cloud service providers will provide you with the apt tools and
services that can help with this
• You must be careful about who can access the personal data. Limit the access of sensitive data and
create stricter norms for fewer eyes for the user data
• You can also deploy software that can help you to manage accessibility and detect any intruders to
the software. It is nearly impossible to stop all attacks but it can detect a few.
• Take help from specialized service providers who can help your business to comply with the GDPR
standards. It might cost you a fee but it might be better than paying a hefty non-compliance fee
GDPR is a commitment and meeting its requirements need all departments to be involved. As far as your
cloud hosting service provider is concerned, you must have a contract with them that defines all the
security standards and requirements clearly. If you wish to discuss more about GDPR or its impact, we
are waiting to hear from you.
To read it online, please click here: http://www.anythingcloud.com/blog/cloud-gdpr-compliant/