Intelligent CIO APAC Issue 25 | Page 55

This is a step in the right direction and redresses some of the risks associated with holding sensitive data in cloud environments . Yet it does not address the emerging demand from customers and governments for organizations to retain sovereignty over critical data and digital assets .
Ultimately , whoever holds the key has access to the data itself . To operate safely in the cloud , retaining control over who , what , when and where data is visible will become an executive or regulatory mandate .
2 ) Understand your data
Only 16 % of organizations across the APAC region have complete knowledge of where their data is stored , according to our 2022 Data Threat Report . Furthermore , the World Economic Forum estimates that over 92 % of all data is stored on servers owned by US-based companies .
Before companies even think about compliance , regulations and rules , they must consider how and where data is stored .
Migrating data to the cloud means companies will need to select options for replication and backup , which in many cases will involve storing data in another geographical location . Ensure that you can specify the region in which data will be stored and understand the regulatory requirements of each region .
Who has access to sensitive data inside a corporation is another hurdle for organizations . For example , if an employee based in Australia accesses sensitive EU protected data inside his own organization , this could be considered an ‘ export ’ of sensitive data and an infraction of the GDPR rules .
Losing control of data is an escalating anxiety for businesses and governments all over the world yet they often overlook data in transit . It is essential to understand data flows because they relate to how data is being collected and processed . It is especially important to understand data sovereignty in the source and destination region , and if there are legal issues , adjust data flows to ensure it ends up in the most appropriate legal jurisdiction .
3 ) Use security cloud key repatriation
For organizations that want to start the sovereignty recovery journey of data stored in the cloud , they need to look at taking back direct control over the keys that secure it . The good news is that it ’ s quite simple to achieve with the right approach .
It involves using a cloud key management solution to
synchronize cloud keys with an external key ‘ security ’ and management platform .
This cloud key repatriation , while not giving you direct control over existing cloud keys that have already been created and deployed , gives you visibility into all cloud keys your organization has and where they are held and used .
Complexity – the enemy of good security
One of the key lessons learned from the pandemic is that security strategies must be sufficiently agile to respond to a rapidly changing world , but flexible enough to deal with the hybrid nature of infrastructure , applications , data and users as both work-fromhome and cloud become permanent fixtures . For all their benefits , cloud computing and remote working environments have layered on considerable complexity , which has always been the enemy of good security . p
Brian Grant , ANZ Director , Thales Cloud Security




www . intelligentcio . com INTELLIGENTCIO APAC 55