twitteryou tubeacpRSS Feed

For cloud providers, Protection of Personal Information Act 2013 (PoPI) serves as a vital opportunity to differentiate from competitors by offering a watertight solution to data security

The spectre of PoPI looms ever closer, and while some companies will see the new regulation as something of a headache as they work to get their data management procedures in order, the threat of serious sanctions for those failing to comply gives a new perspective on the importance of data security.

Forcepoint regional manager for Sub-Saharan Africa, Christo van Staden, said that while much of the new regulation will be a fairly straightforward evolution – or hardening – of existing processes, it will still represent a new challenge for companies with small IT teams or whose expertise doesn’t lie in data security.

In the past, it was easy enough to outsource data management. However, PoPI will require an added level of trust for those companies outsourcing the storage and processing of sensitive data they hold on individuals.

“If a serious breach occurs at your third-party data processor, for instance, you need to be able to trust that they’ll inform you promptly and work with you to fix the problem,” he explained.

With the stakes increased by PoPI, some businesses will be more wary about which third-party suppliers they choose to bring in. They’ll have to ask their suppliers tough questions, and should receive transparency in response. This isn’t an opportunity for data processors to pull the wool over their customers’ less-experienced eyes.

This is particularly the case for companies looking to transfer their data management to a cloud-based solution – whether it’s PoPI that prompted them to seek a more secure, flexible solution or not.

Today, however, that thinking has come full circle. Cloud traffic is growing rapidly – with an expected three-times increase in the years from 2016-2021. People who trust public cloud now outnumber those who don’t by a ratio of 2-to-1, according to a recent Intel security report.

For companies that haven’t yet made the move, it’s often an issue of control that holds them back. This is particularly the case if they’re used to being able to apply specific protocols and hashing algorithms to their on-premise infrastructure. Moving to cloud provision, and provision via a third party, can feel like losing control.

Additionally, there can be an issue of even knowing where your important data lives (pretty key if one plans on transferring it elsewhere). In their current on-premise model, companies might not know exactly what data is where and how it should be classified.

Multiple recent reports have highlighted the potential dangers of misunderstanding this process.

“Needless to say, cloud service providers have a role to play here. Of course, they’re there to provide data inventory tools and services to help fingerprint and hunt for data in customers’ networks, and to encrypt data for secure transfer (you haven’t gone to all the hard work of locating your data only to send it over the internet without encrypting it) – but there’s important work to be done before this too,” he said.

Cloud service providers have a responsibility to be transparent with their customers. When a business is going through a procurement process and requesting information to help them figure out which provider to choose, the onus is on the cloud provider to be absolutely honest about what they can and can’t do. The stakes are simply too high to behave in any other way.

“At Forcepoint, we’ve set up a cloud trust programme within our business so we have the ability to instil confidence in our clients. It’s aimed at ensuring not only that our company is being assessed for all of the most valuable certificates and accreditations available from industry bodies, but that our customers are able to check that we have earned those certificates to the extent that we’re claiming. We consider this programme essential to our customers and ensuring they are PoPI compliant,” he concluded.

Ultimately, PoPI is a response to the increasing prevalence and significance of sensitive data to the functioning of our businesses. And security is arguably the most important aspect of all.

Most Read

Latest news