GDPR General Data Protection
Move to the cloud and reduce your GDPR liabilities as a data processor.
What are your GDPR responsibilities?
The responsibilities placed on an organisation relating to the data it holds will be two-fold:
1. Data CONTROLLER
As a Data Controller, you will have to comply with rules concerning personal data. Where the organisation enters and maintain personal data, the organisation must comply with rules concerning:
-
Consent
-
Access
-
Retention
-
Transferability
2. Data PROCESSOR
As a Data Processor, you will have to safeguard data and ensure data resilience to a high standard. You will have significantly more legal liability than controllers if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR. Where the organisation holds data on its own servers it must follow regulation by ensuring:
-
High-level cybersecurity
-
Physical hardware security
-
Strict backup regimes
-
Firewalls and auditing
How can Cloudsis help you to
comply with GDPR?
2. Data PROCESSOR
Cloudsis can help you to reduce your GDPR liabilities as a data processor. Should your company move to a Cloud solution, part of the requirements for safeguarding the data, move to the cloud provider.
Cloud solutions offer a level of enhanced security often impossible to replicate cost effectively for small to middle-sized organisations.
All data and information processing is carried out in a secure data centre, ISO 27001 certified, so you can be sure that every action is taken to ensure security is not compromised.
1. Data CONTROLLER
Every company is the controller of its data and as such this responsibility will remain even if you move your infrastructure to the cloud. You will have to ensure that you comply with consent, access, transferability and retention GDPR requirements.
What Cloudsis have done to be
GDPR compliant?
Security Details
Cloudsis is working with and ISO accreditation provider to get the ISO/IEC 27001 certificate.
This certificate:
1. High-level cyber security
Periodical examination
Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts.
Security Controls
Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.
Overarching management
Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
2. Physical hardware security
Data centres are UK based, primary data centre in Croydon, secondary data centre in Maidenhead.
Data Centre Multi-level Security
Controls to prevent unauthorised access to the site, buildings and data halls as well as to the rack housings themselves. Systems in place to identify and react to threats, so the infrastructure is protected from theft, damage or interference.
-
Tier 3 standard
-
24/7 Security
-
ISO 27001
Power & Generators
To eliminate risk caused by outage or power failure, the site uses diverse supplier feeds from multiple grid points ensuring there is no single point of failure. The site provides N+1 redundant power systems and power feeds up to 30Kw 3 phase per rack to ensure continuous power.
-
10Kw rack power
-
ABC UPS string N+1 resilience
-
12Mw total power
Connectivity
The site houses diverse network connectivity via Dark Fibre to multiple London points of presence with 2ms of network latency, to ensure ultra-fast connectivity with low latency to London locations.
-
2ms of network latency
-
Dark Fibre networks
-
Carrier neutral
Cooling & Performance
We reduce energy consumption and costs by using ultra-efficient systems and advanced cold aisle and pod technology. We use N+2 efficient blended cooling to optimise the data centre environment to a designed PUE of 1.3.
PUE of 1.3
Cold aisle containment
Ultra-efficient
Fire Detection & Suppression
Ensuring our infrastructure and customer equipment operate safely is one of our greatest concerns. The facility is equipped with VESDA fire detection which continuously samples the air for smoke particles. In the event of an alert we have installed a FM200 suppression system.
VESDA fire detection
FM200 suppression system
3. Strict Backup regimes
Cloudsis solutions use a full daily back-up on a rotating 30-day cycle.
Business Continuity
Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts.
Cloudsis utilises IBM Storage Area Network (SAN) systems. This means that if one physical machine fails then the second system kicks in without interruption to the service.
A traditional back-up is also taken and the secondary SAN unit stores these daily back-ups using an enterprise back-up solution which is based on Veeam. These back-ups run over our link between our Data Centres so that customer data is backed up to an offsite location.
Cloud solutions brought to your by Cloudsis are provided in line with the ISO 27001 Security Standard.
4. Firewalls and Auditing
Advanced Security
Systems are protected by Netscaler Hardend Devices and Untangle firewalls,. Penetration tests are run on a monthly basis. Antivirus and Antispam are provided on all systems.
Cloudsis are also in the process to be Cyber Essentials accredited.
We can also help you to protect your local infrastructure
IoT, Internt of things
With the proliferation of IoT, internet of things devices, the attack surface for hackers has increased massively. Traditional antivirus software was designed on the assumption that there were just a few operating systems. Now, because of IoT, there are thousands. Network security tools are becoming increasingly necessary in a world where everything - from lamp-posts to lawn sensors - is becoming Internet-enabled.
How many unsecured devices are connected to your network?
These include security cameras, elevators and seemingly innocuous gadgets such as tills, printers or power supplies amongst others. Businesses typically underestimate by 30% to 40% how many devices are linked to their network. These unidentified devices could definitely have been access points for hackers who could have then found how to control critical assets on your network. Once they have acces hackers could steal sensitive data, encrypt it, then demand a ransom for its safe return.
Even if you work in the cloud your local network may be at risk.
Cloud providers have normally thousands of security controls governing its services that are periodically updated to tackle new threats. Data is also protected through encryption and sharding.
Does this mean that your company is safe? The answer is no. Your local network is still at risk, and it is vital to protect it and analyse the behaviour of all the connected devices to detect possible anomalies.
GDPR implications
According to the new General Data Protection Regulation, as a Data Processor, you will have to safeguard data and ensure data resilience to a high standard. You must have a cyber resilience strategy in place to reduce the risk of data breaches. It should include enterprise-grade tools as robust firewalls, anti-malware/virus tools and monitoring against hacking and staff visiting suspicious phishing websites. If you fail to comply with the Regulation you could find yourself being fined up to €20 million or 4% of your company’s global annual turnover, whichever figure is larger, and your reputation could be seriously damaged.
Would you like to see our Cloud solution?
Book a demo
with one of our consultants
