Displaying items by tag: GDPR

More than 90% of Australian IT decision-makers, who took part in a survey that looked at their readiness to meet the standards of the EU General Data Protection Regulation, that takes effect on 25 May, have admitted that their companies are not yet ready to meet the standards demanded by the new law.

The Australian Senate has reversed its position and backed a motion by the Greens calling for the adoption of more stringent privacy protections in line with the EU's General Data Protection Regulation, acknowledging that it is world's best practice.

Facebook does not appear to have changed its attitude to user privacy in any way despite all its recent troubles, with the company having decided to avoid providing the protections afforded by the EU General Data Protection Regulation to nearly 70% of its registered users worldwide.

The Australian Greens have called on the Coalition Government to update privacy protections to stay in line with the European Union's General Data Protection Regulation that is scheduled to take effect on 25 May.

The chief data protection officer at a French cloud computing company says it is a pity that different countries and regions are coming up with data protection laws that are not uniform, making their implementation more complicated, especially for international companies.

The European Union is, for once, reportedly drafting legislation that would meet with approval in the US, seeking to force commercial entities to provide access to data, no matter where it is physically stored.

•    Australian (43%) businesses are about as careful as Indian (49%) but more careful than Japanese (31%) businesses when sharing sensitive information with 3rd parties in the cloud environment

•    Only a third of Australian businesses are proactive in managing compliance with privacy and data protection regulations in the cloud environment

•    61% of respondents in Australia are not confident that their organizations have visibility into the use of cloud computing applications, platform or infrastructure services

•    57% of Australian respondents believe it is more difficult to protect confidential or sensitive information in the cloud

The findings

Gemalto, the world leader in digital security, can today reveal that while the vast majority of global companies (95%) have adopted cloud services, there is a wide gap in the level of security precautions applied by companies in different markets. Organizations admitted that on average, only two-fifths (40%) of the data stored in the cloud is secured with encryption and key management solutions.

The findings – part of a Gemalto commissioned Ponemon Institute “2018 Global Cloud Data Security Study” – found that organizations in Australia (46%), the UK (35%) and Japan (31%) are less cautious than those in Germany (61%) when sharing sensitive and confidential information stored in the cloud with third parties. The study surveyed more than 3,200 IT and IT security practitioners worldwide to gain a better understanding of the key trends in data governance and security practices for cloud-based services.

Germany’s lead in cloud security extends to its application of controls such as encryption and tokenization. The majority (61%) of German organizations revealed they secure sensitive or confidential information while being stored in the cloud environment, ahead of the US (51%) and Japan (50%).

Crucially, however, over three quarters (77%) of organizations across the globe recognize the importance of having the ability to implement cryptologic solutions, such as encryption. This is only set to increase, with nine in 10 (91%) believing this ability will become more important over the next two years – an increase from 86% last year.

Managing privacy and regulation in the cloud

Despite the growing adoption of cloud computing and the benefits that it brings, it seems that global organizations are still wary. Worryingly, half report that payment information (54%) and customer data (49%) are at risk when stored in the cloud. Over half (57%) of global organizations also believe that using the cloud makes them more likely to fall foul of privacy and data protection regulations, slightly down from 62% in 2016.

Due to this perceived risk, almost all (88%) believe that the new General Data Protection Regulation (GDPR), will require changes in cloud governance, with two in five (37%) stating it would require significant changes. As well as difficulty in meeting regulatory requirements, three-quarters of global respondents (75%) also reported that it is more complex to manage privacy and data protection regulations in a cloud environment than on premise networks, with France (97%) and the US (87%) finding this the most complex, just ahead of India (83%).

Head in the clouds

Despite the prevalence of cloud usage, the study found that there is a gap in awareness within businesses about the services being used. Only a quarter (25%) of IT and IT security practitioners revealed they are very confident they know all the cloud services their business is using, with a third (31%) confident they know.

Looking more closely, shadow IT may be continuing to cause challenges. Over half of Australian (61%), Brazilian (59%) and British (56%) organizations are not confident they know all the cloud computing apps, platform or infrastructure services their organization is using.

Fortunately, the vast majority (81%) believe that having the ability to use strong authentication methods to access data and applications in the cloud is essential or very important. Businesses in Australia are the keenest to see authentication put in place, with 92% agreeing it would help ensure only authorised people could access certain data and applications in the cloud, ahead of India (85%) and Japan (84%).

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security said Graeme Pyper, A/NZ Regional Director at Gemalto. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenization need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

For more details, download the “2018 Global Cloud Data Security Study”.

About Gemalto

Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security, with 2016 annual revenues of €3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.

From secure software to biometrics and encryption, our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.

Gemalto’s solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software – enabling our clients to deliver secure digital services for billions of individuals and things.

Our 15,000+ employees operate out of 112 offices, 43 personalization and data centers, and 30 research and software development centers located in 48 countries.

For more information visit www.gemalto.com, or follow @gemalto on Twitter.

Digital security firm Gemalto last month released its “2018 Global Cloud Data Security Study” report, commissioning the Ponemon Institute to perform the research, surveying more than 3200 IT and IT security practitioners worldwide.

Australia is the easiest place for workplace monitoring among 15 mostly Western countries surveyed, the security firm Forcepoint says, based on data collected by the legal firm Hogan Lovells.

American security intelligence company LogRhythm has released a module to make its security solution fully compliant with the European Union's General Data Protection Regulation that is scheduled to come into force on 25 May.

Acronis president John Zanni notes the only constant in the world is change, which is especially so in the world of tech. So what changes can be expected in 2018?

The level of ignorance within industry about data protection laws has been underlined by a survey that found nearly three-fourths (69%) of companies believed that their cloud provider was taking care of all data privacy and compliance regulations and also protecting the company's data in the cloud.

BlackBerry has launched new cyber security consulting services with particular focus on General Data Protection Regulation compliance and connected automobile security.

Employees must be told by companies if their corporate email accounts are being monitored, the European Court of Human Rights has ruled.

Cyber security firm Forcepoint has added new security capabilities to its cloud security applications aimed at providing protection for business and government employees plus data and IP against ransomware and phishing attacks.

The root cause of data breaches in a company tends to be personnel, according to the chief executive of enterprise information protection firm TITUS, who says his company looks to tackle this aspect of data security first.