By: Sonia Sexton, Chief Security Officer, DP Facilities Data Centers
Data breaches and cyber attacks have been making headlines for nearly as long as the Internet has existed, and threats to private and business-critical information have become an unfortunate but accepted reality. Yet, as data has become a core pillar of digital business, the threat of these events has grown more dire, and the repercussions of improper data security have grown more debilitating. This evolving cyber security climate means that statistics are reporting upwards of 1,400 data breaches in the U.S. alone in 2019, revealing the annual number of exposed records in these U.S. breaches to total 164.68 million in that same year. Given these realities, businesses across a range of verticals are looking to build up protection against these threats so that they — and their customers — can thrive in a data-driven era.
The costs of a data breach can be extensive, and in some cases it can be difficult to recover. In 2019, the average cost of a data breach to an organization in the U.S. reached more than $8 million, and it’s likely that this number will continue to rise. Furthermore, damage to customer trust and market sentiment can spell disaster for companies looking to remain competitive. In fact, a PwC survey of 2,000 American adults revealed that 88 percent base their willingness to share personal information on how much they trust a company, while 87 percent say they will take their business elsewhere if they don’t trust a company is handling their data responsibly. Overall, in a survey about what crimes Americans were most worried about in 2019, having personal information stolen by computer hackers topped the list, with 72 percent of a group of more than 1,500 respondents having this concern. This beats out the fear of home burglaries (43 percent reported concern over this) or becoming a victim of terrorism (coming in at 29 percent).
What’s needed to protect data against malicious attacks and their impacts is comprehensive data security strategies. While the individual needs of different verticals — including federal government, banking, healthcare or other industries that deal with highly personal data — may call for different compliance measures, every business, regardless of size or sector, should be prioritizing data protection.
For some time now, the industry standard for data security site selection has meant keeping an eye out for data centers with robust physical security. This includes manned security, gated entry, camera surveillance, biometric scanners and more. Popular compliance certifications that have remained top of mind when choosing facilities include FISMA, NIST, SSAE 18, HIPAA, ISO and more. Digital layers of security like firewalls and intrusion detection and prevention software are ideal, and systems that check for advanced persistent threats are also becoming popularized as a real-time solution to data monitoring. Of course, these third-party certifications for security, effectiveness and operational integrity are still vital, and these best practices for digital and physical security are still very important. However, as hacking incidents are evolving and IT frameworks grow more complex, the due diligence behind data security is evolving as well.
Today, in the race to find the ideal home for data, one very important question is going overlooked — do you know where your data is really being stored? With the nature of cyber-crime evolving as the technology that data traverses develops and businesses grow increasingly global, careful site selection is now a core factor of data protection.
Asking where data is residing in the world while engaging in the site selection process is a step that can be overlooked for a couple of reasons — maybe organizations just don’t know to ask, or maybe a service provider is marketing regionally, so businesses assume all their infrastructure is in that region as well. For instance, some cloud providers store data ‘offshore,’ while some third-party vendors might sell in a U.S. market but host internationally. While storing internationally is not dangerous in itself, knowing the location of data storage is crucial. If your data is hosted internationally, that means that you now need to be mindful of data sovereignty, meaning that information being subject to the laws and governance of the country in which it resides. This was one issue revealed in the recent Blue leaks hack on the law enforcement community in the United States.
Data regulations differ based on geography, and depending on where the data is, this can be helpful or harmful. If data resides in Europe, for instance, GDPR (General Data Protection Regulation) in EU law can make it easier to navigate disruptive data security events due to requirements about when data incidents must be reported and how they’re responded to.
Now, this isn’t to say that one country should be a destination for all data — there is no one-size-fits-all solution. Instead, businesses should understand the importance of being wholly mindful and in-the-know about how and where data is hosted. The foundation for data security is in the infrastructure, but a truly forward-thinking organization understands that digging deeper to do their due diligence is key. Asking the service provider questions such as where the data is stored, if the data is going to be replicated anywhere, what accessing that data is like and if there are firewalls in place is the new and necessary step for end-to-end security. In truth, no data and no digital business is without risk in an age when data is so valuable, but with the right preparation and insight, the risk of falling victim can be reduced substantially.
To learn how DP Facilities’ highly compliant and highly secure data centers
can help you protect your data, please complete the form below. Let's Talk!
