Weekly comment on the pressing IT issues.
For those in the property business, location is of primary importance. So much so that it’s often repeated in triplicate to reinforce the point. The IT industry for many years has been the polar opposite. With the continuing wiring of the world and speeds of connectivity ever increasing, the actual physical location of data appeared irrelevant.
Whether your data resided on your own in-house servers, in a co-location facility or up in the cloud in a data centre that could be located almost anywhere, location was really irrelevant as long as it could be accessed.
Things are now changing. As regulation and concerns over cybercrime increase, data sovereignty, the concept that data is subject to the laws of the country in which it is physically located, is an increasingly key consideration for UK CIOs. This was highlighted by Information Age on their website, as they posed the question, “How can CIOs address data sovereignty?”
They reported that a recently released report from Trustmarque stated that 73% of CIOs claim to be concerned about the issue of data sovereignty when migrating their IT infrastructure to the cloud. As many cloud providers have data centres all over the world, this can cause problems for UK organisations in heavily regulated industries, such as the public sector and financial services, which are required to ensure that their data is stored by cloud providers within the UK’s geographical borders.
With the new GDPR legislation now only a few months away from coming into force, more companies will have to consider the physical location of their data, to ensure compliance. The key for them all is to choose a cloud provider who can ensure UK data sovereignty.
If UBER, the US-based ride-hailing service, had been subject to GDPR legislation when they suffered their recently reported data breach, then they could have been looking down the barrel of some significant financial penalties. Fines of 4% of global annual turnover or €20 million (£18m), whichever is higher, will be levied on a business that suffers a data breach in the UK from May 25th, 2018.
The BBC discussed with the Information Commissioner’s Office, the body responsible for enforcing and policing GDPR in the UK, how the UBER data breach, which saw the exposure of 57 million customers’ details, was of great concern.
It appears that UBER did not inform anybody of the breach and then even took the dubious step of paying a ransom to the hackers who perpetrated this crime to try and cancel it. The ICO will be working with the National Cyber Security Centre (NCSC) to determine the scale of the breach and how it affected people in the UK.
Cybercrime is sadly an ever-present and increasing menace to businesses of all sizes across the globe, with the UBER case further illustrating that everybody, irrespective of size, is at risk. But it’s not all bad news.
The recently published IBM 2017 Cost of Data Breach Study (UK), independently researched by the Ponemon Institute, has stated that the time it takes to identify and contain a data breach is falling. This is the second year in a row that the cost has dropped, having steadily increased over the past decade.
The per capita cost peaked at £104 in 2015, and the 2017 figures have seen it drop to £94. This is still very high but is heading in the right direction.
This decline, according to the report, can be attributed to investments in security technologies like security analytics, SIEM, enterprise-wide encryption and threat intelligence sharing platforms.
It would appear that keeping a close eye on what these threats are and, more importantly, where they are coming from, both of which are key elements of functionality in a managed SIEM solution, can deliver a tangible financial benefit to a business that is determined to mitigate its risk of cybercrime.
More justification, if it were needed, to agree with the property industry on the benefits of location, location, location within IT.