Call us now Email a specialist
+353 1 6420100 | info@ward.ie
  • Resources
  • Blogs
  • Evolution not revolution in Cloud Computing

    By Vincent Naughton on October 5, 2015

    This summer, about fifty people gathered at the Dublin Chamber of Commerce for the Information Security Management Seminar (ISMS) to hear experts discuss information security, data privacy concerns and cloud computing. Those experts were Paul Hogan, CIO, Ward Solutions and Michael Brophy, CEO of Certification Europe. Data Privacy Concerns and Cloud Computing Paul Hogan was...

    • Insights
      Paul Hogan, CTO, Ward Solutions, who spoke at the ISMS Seminar this summer
      Paul Hogan, CTO, Ward Solutions, who spoke at the ISMS Seminar this summer

      This summer, about fifty people gathered at the Dublin Chamber of Commerce for the Information Security Management Seminar (ISMS) to hear experts discuss information security, data privacy concerns and cloud computing. Those experts were Paul Hogan, CIO, Ward Solutions and Michael Brophy, CEO of Certification Europe.

      Data Privacy Concerns and Cloud Computing

      Paul Hogan was first up and addressed data privacy concerns that businesses may have when it comes to cloud computing. First up, the basics: what is cloud computing? Well it depends on who you ask and you are guaranteed there is lots of terminology involved.
      There are a number of different types of cloud and ways to use it. These include Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud types include public, private, hybrid and community.

      Cloud computing: Evolution not Revolution

      Cloud computing, Paul explained, is an evolution not a revolution.
      “From one perspective, Cloud has evolved from an internet service provider (ISP) offering to infrastructure as a service (IaaS),” he said. “We know it has benefits such as cost reduction, greater access to applications, providing greater flexibility and availability. Take a simple example such as a cloud-based email service – it’s easy to see these benefits when compared with the traditional approach of building an internal mail infrastructure.
      Paul referenced the fact that people are “scared” of cloud and hears many questions like, “should we be concerned about security?”. The answer, he says, is yes, and stressed the importance of securing information in the cloud, when at rest, when in transit and on the various end user devices accessing the data.
      If you consider data protection as a data controller, defined as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data, there are a number of responsibilities.
      Ensure the data has been fairly obtained, for a specified and lawful purpose. Ensure the data is not incompatible with the purpose, ensure it is safe and secure, accurate and up to date, as well as being adequate, relevant and not excessive.
      It is also the data controller’s responsibility to ensure the data is retained only for as long as necessary and to provide a copy to the indivual on request.

      How to best protect your data

      Paul Hogan also shared actions to undertake in order to best protect your data, including:

      • Establish criteria that you expect from Cloud Service Providers (CSPs)
      • Procure suppliers and partners in accordance with your established criteria
      • Have written contracts, both SLAs and PLAs
      • Carry out due diligence
      • Focus on security and location of personal data in the cloud

      Information security is not just password protection. 

      Michael Brophy, CEO, Certification Europe, spoke on how reliant our society is on information security. Information security is not just password protection, as Michael pointed out, it extends to air traffic control and flight plans, ATMs, and even the assurance that when you call 999 someone will answer.

      Confidentiality, integrity and availability

      There are three facets to information security; confidentiality, integrity and availability, Michael explained.
      For example, when it comes to air traffic control and flight plans, the information needs to be 100% accurate and 100% available in order for ground control to liaise with the pilots and ensure air travel safety. Similarly, when you use an ATM, you want to be sure that you always have access to your money, and that nobody else can access your account with their card.

      Information security is becoming all prevalent.
      “Organisations today have a far greater quantity of information and data. The data volume is going to increase exponentially into the future. There are lower prices than ever for memory. It is becoming cheaper than ever to get, keep and process information,” Michael continued.
      Companies are also exchanging information more frequently and there is an increased focus and need for “speaking a common language” when it comes to information security.

      “The common language among companies when it comes to knowing information will be kept secure is the ISO 27001 standard. It lets you know that companies are going to keep information safe, and that they will comply with information and data safety standards.”
      To give you an idea of how necessary companies seem to find a “common language” when it comes to conversations on information security, in a period of just 5 weeks during 2014, Certification Europe dealt with more ISO 27001 standards than in the whole of 2009.

      Sources for guidance:

    • Latest Blogs