Location counts in cloud computing. Some cloud computing users have been surprised to learn that governments and bodies like the European Union as well as certain industries have specific rules about what data can be stored in the cloud. When you think about it, it makes sense. Most of these restrictions are for files that contain information about the public good or business policy that should be tightly secured. Certain sensitive personal data should not be exposed to the cloud. This personal information is called Personally Identifiable Information (PII).
Jurisdiction and PII
There are a number of restrictions that apply to PII. This data must remain physically within the jurisdiction. This data needs to be protected from viewing or change while the individual is in transit. Additionally, PII must have the same protection where it is stored. The bottom line is that PII cannot be physically transmitted from beyond the jurisdiction for any reason. The EU has now notified its members about these restrictions for PII and other sensitive data.
In considering cloud computing, some of the many benefits include the flexibility. In other words, the cloud allows users to access the central database from any location in the world. So, given that governments and entities like the EU have restrictions on PII, how can companies benefit from this technology? The answer is that all other data can be extrapolated and used while PII is protected. Cloud developers have addressed this policy in a number of ways.
- Intercept data – The user can intercept certain data like e-mail addresses, fields and documents while they are in transit with the platform
- Certain data can be encrypted and that data can be accessed regardless of location. Data can also be decrypted or stored as encrypted in the user’s own network or in an FTP server
- A limitation of this solution is that not all field types are supported. Data in the protected PII fields will be encrypted and therefore safe from view
For records that are not encrypted, when the user is finished, he or she will have to send the documents back through the same servers. Only the designated serves will have the encryption keys. One of the risks of this process is that the user may receive embedded text within scrambled dashboard images.
However, it should be understood that many cloud providers have developed new algorithms that preserve total functionality. Encryption algorithms, encryption key management and data type support along with web services support, API support are elements that can differentiate offerings. The cloud permits access to up-to-date information, other than PPI, from anywhere on the planet. PCI Circle, PCI-DSS specialists with cloud-based software solutions, are able to completely descope a businesses call centre from PCI compliance using their own unique software and can significantly reduce the cost of achieving PCI compliance.
The future is certainly bright for digital security firms as a plethora of everyday business services become more and more reliant on the cloud.