Did you know?

About 44% of security compliance teams are not responsible for cloud security. Ever since the pandemic, the cloud has become an important choice for companies looking to move forward and transform. Even with the benefits of rapid deployment, flexibility, low up-front cost and scalability, it still creates a huge amount of complexity for IT and security teams.

Malaysia Cyber Threats

About 62% of companies in Malaysia are seeing an increase in cyber security challenges as working from home becomes more common: employees access the company network and cloud applications remotely, which creates potential security gaps. As many companies have started to adopt technology changes in their business, cyber security has also become a top priority in Malaysia. More than 60% of Malaysian businesses agree that the challenges they face are data privacy, maintaining control and enforcing policies. Businesses believe that there will be an increase in cyber-attacks soon, and they rank cloud security solutions as the top investment in preparing for a post-pandemic workplace.

Difference between Compliancy and Security

Cloud compliancy is designed to address perceived threats or risks. For a company, becoming secure and compliant means securing information assets, preventing damage, protecting data, and detecting theft. Yes, a company can protect its data accordingly if it follows the compliance requirements and has security in place. But to have proper protection, companies must understand that compliancy is not security; you can be compliant but not secure.

Cloud compliancy covers data privacy regulations. Failure to meet the standards can result in fines, lawsuits, and regulatory actions. Compliancy ensures that companies comply with the minimum security requirements.

Cloud security, on the other hand, is the set of physical and virtual protections an organization uses in handling data, applications and infrastructure, and in preventing attackers from accessing the company's network. Its purpose is to protect and defend a company's information and technology assets with the available technical systems and tools.

Compliancy is not the same as Security

While being compliant helps companies set a standard for control, it does not equate to security. For example, a company that meets the basic compliancy standard may have a strong password to protect its system from being accessed, but this does not mean it is safe from attackers who use advanced phishing techniques to obtain the credentials, or even to bypass the password controls.

With a set of basic methods and tools provided by vendors, security is much simpler than compliancy. Compliancy, though, is based on the company's data type and security process. It takes a company's security details at a moment in time and compares them to a specific set of regulatory requirements. The requirements can take the form of industry legislation or standards created from best practices, which can be much more complicated.

What questions should I ask when considering compliancy and security in the cloud?

  • How secure is my cloud in its apps, services, and other underlying resources?
  • Where will my data reside? Which country, which state and which data center?
  • Who will have access to my data?
  • For how long is my company required to keep the data in storage?
  • Will my data be optimized for e-discovery, or for obtaining and exchanging evidence in a legal case or investigation?
  • How will data subject requests about how their data is processed, stored and shared be handled?

Written by Joshanna Tan | Branding & Acquisition Designer