In a world ruled by data, it is frightening to think how few people take protecting their information seriously. While it has become easy to share everything from an email address and mobile number to more sensitive personal information, what are the consequences of not safeguarding data?
The likes of GDPR and the recent CCPA, as well as similar requirements around the world, are forcing organizations to take the necessary steps to protect data and manage it properly. But when it comes to individuals, whether consumers or employees, more needs to be done to educate them on the seriousness of a compromise or not having backups in place. This is a much more relevant concern for any organization that is in the midst of a digital transformation. If you are correctly transforming digitally, the need for resilient backup and recovery techniques requires strong safeguarding of critical data. This becomes a more essential matter as organizations are pressed to retain data longer and more organizations are subject to data being under the purview of regulatory or compliance guidelines.
Although this heightened data regulation helps keep organizations in line with legal requirements, consumers do still carry a responsibility for protecting their personal data. This data can take the form of photographs, documents, and other important records that are increasingly stored on cloud-based services in addition to identification numbers, bank details, and so on. One easy place to start is the shared responsibility model for most cloud services; it puts the responsibility of data solely in the hands of the cloud subscribers.
Question Everything
It all starts by questioning everything in the digital world. People need to understand what they are agreeing to and the trade-offs involved, especially when it comes to mobile apps and freely available services. The majority simply accept the terms and conditions without reading them through. While not accepting them may mean being unable to use a specific app or service, that may be better than the alternative of having personal data spread across the web. This is especially true in the case of anything free. Ask yourself, “Why is it free?” and then you may think twice before unknowingly handing an organization all of the peripheral data that your smart device can provide them.
And being cautious does not necessarily mean focusing only on the cloud. A person must consider the implications of older technology. Just think of all those flash drives people have lost over the years. Some might contain innocuous bits of data, while others could provide a malicious user with a treasure trove of information that can be used to compromise a person.
The popularity of FaceApp put the spotlight on the rights of the individuals and what companies can do with their data, in this instance, their photographs. Some argued that this was a form of spyware that could store people’s personal photos on their servers for perpetuity. Cynics counter-argued that if a site such as Facebook already has that information, what difference does it make if others have it as well?
These examples are not limited to public social media sites. Consider businesses that partner with other organizations in various ways—is that data tended to in the same way?
Regardless, people should bear in mind that even if they are using trusted platforms such as Apple, Android, and Microsoft, it does not mean that every app they are using is secure. The app stores simply cannot check all security aspects of any given app. In the case of FaceApp, if a person is unsure about the merits of sharing photographs, then it is advisable to simply not install the app.
These examples are mobile-first, but organizations need to consider that these types of scenarios can also apply to cloud and data center workloads and data.
Public Cloud = Natural Choice
Every organization should be in some stage of a journey to one or more cloud technologies. The natural subsequent consideration with the platform selection is to examine the changes associated with all data management, data protection, and disaster recovery (DR) contained in the public cloud. Specifically, organizations should consider the complete platform selection as a comprehensive pairing of cloud-native services and protection techniques to meet the same objectives that are on-premise: Reduce down time, avoid data loss, and recover quickly from any type of operational outage.
Compared to on-premise IT deployment, a recommendation is to have the backup and DR practices implemented and standardized before services are deployed in the public cloud.