Posts Tagged ‘data security’
Data privacy is one of the hottest topics in all industries globally. Understanding the critical due diligence from a data privacy and sovereignty perspective will help mitigate risk.
Privacy is not a security issue
Today, we face other and more complicated challenges than ever before regarding data privacy. Privacy is not a matter of security. Privacy concerns the contents of data -personal data- and its storage, transfer, access and processing methodologies. Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose.
In this day and age tech-disruption causes new business models requiring even profounder use of data; leading to increased transfer of vast amounts of personal information across borders. GDPR and other data protections laws are being implemented to protect data from misuse, respecting the rights of the data owners. The rules are strict but data-privacy shows itself to be a wheel with many spokes.
The new currency
Data is currency, and the sense of urgency surrounding this is obvious; worldwide regulations develop fast and data leaks easily get in the eye of the (social) media storm causing heightened concern about privacy risk. The sanctions of the GDPR (4% of global annual revenue) will even hurt giants like Google, Apple and Microsoft. Times will change in benefit of privacy for the individual but conflict in data protection rules per country cause a bottleneck for business.
Challenges are plenty Read the rest of this entry »
We are happy to announce that we have started a strategic partnership with Northwave to offer clients advanced managed security services. LeaseWeb clients are now able to put their IT environments under the permanent protection of the Northwave Computer Emergency Response Team (CERT).
The partnership is set up to guide and advise LeaseWeb customers on all security related topics.
The new security services are delivered as a tailor made extension to the Leaseweb Private Cloud, Dedicated Hosting and co-location services and available December 1st 2016.
For more details, read our press release here.
Along with NetApp, we have hosted a round table discussion around “Data Privacy and Data Sovereignty: the challenges in the Cloud”.
Special guest speaker for the evening was Sheila FitzPatrick – Global Data Governance Counsel and Chief Privacy Officer at NetApp.
Sheila is one of the world’s leading experts in data privacy laws and works closely with the US Government, Council of the European Union, country-specific data protection agencies in Europe, Asia/Pacific, and America, as well as, National Works Councils, European Works Councils and Law Enforcement Agencies. She provides expertise and hands-on experience in the areas of global data protection compliance, data sovereignty, cybersecurity regulations and obligations, legal issues associated with cloud computing and big data, data breach compliance and management, and records management.
Data privacy is one of the hottest topics in all industries across the globe. Understanding the critical diligence from a data privacy and sovereignty perspective (as opposed to security) will help mitigate the risks as you embark on a cloud journey.
We would like to thank to all the attendees for their valuable contribution to the discussion. Here is where you can read more about the outcome.
In today’s hyper-connected world, it has never been more important to address and mitigate security threats to your business. The shift to cloud services has increased substantially over the past few years and it is vital to understand how to reduce the risks that come with the move to this platform. More than 90% of internet traffic will be video within two years. The ratio of connected devices to internet users is projected to be 10:1 by the year 2020. With such a high level of connectivity, outages due to cyber security threats can cost a company up to $100,000 per minute.
The most common threat to cloud users are distributed denial of service (also known as DDoS) attacks. Studies show that targets are not limited to some specific activities but rather that every organization is a potential target. The top four reasons for attacks are:
- Hacktivism illustrated by Anonymous or Wikileaks organizations.
- Cyber warfare in order to destabilize a foreign government or an election.
- Cyber espionage to steal intellectual property of a competitor.
- Cybercrime in the form of cyberextortion, in which an attack or the threat of an attack is coupled with a demand for money to prevent or stop the attack.
Cybercrime is responsible for over 65% of attacks. It does not matter how large or small your cloud footprint is, everyone is at risk as no segment of activity is immune to attack. With an ever growing array of targets, attacks are becoming more sophisticated. Multi-vector attacks are becoming more aggressive than before with an 84% increase in multi-vector attacks over the past few years. It is also easier than ever to launch an attack due to the availability of tools that do not require special knowledge. One does not need to be a security expert to launch a damaging attack. Events of last week show that the growth of IoT (Internet of Things) is making us more vulnerable as personal devices such as webcams were used as weapons to bombard major sites like Netflix and Twitter with millions of requests. Read the rest of this entry »
The only way to stay safe on the internet is by helping each other minimize security risks. So as a precaution, I want to make you aware of a situation that could possibly affect you.
There are currently several databases available on the internet containing personal data such as e-mail addresses, user names and associated passwords. Lately, our security teams have noticed an increase in attacks attempted by unauthorized parties using this data.
In order to protect yourself, we recommend everyone to take the following actions if you haven’t done so already:
“Should we keep IT security in-house or is it better to outsource?” This has long been a thorny issue for organizations. Recently, it was one of the most important topics during a LeaseWeb Security Round Table with customers and I’d like to share some of the things I learned.
The discussion immediately took off following a statement from one of the participants, an end user: “In the Netherlands, the mantra is to focus on your core business. I dare to differ. I always learned that when operations are critical to your organization, you should keep them close. If security is critical to your company, why outsource it? If you outsource, you disconnect it from your company. What do you think about this?”
On January 1, 2016, the new Dutch Law on Data Breach Notifications came into effect. Organizations – both companies and government agencies – are now required to immediately report any serious data breach to the Dutch Data Protection Authority (Authoriteit Persoonsgegevens). And, if it is likely that the data breach will have an adverse effect on the privacy of those involved, those people have to be informed as well.
A data breach is defined as the act of accessing, deleting, modifying or releasing personal data, committed unintentionally by the organization. Not only releasing (e.g. leaking) personal data, but also the illegal processing of data, will be seen as a data breach. Examples of data breaches are a lost USB stick containing personal data, a stolen smartphone or malicious access to a database by a hacker.