As Canadian organizations begin to cautiously plan for a reopening of the economy, many are identifying a shift to the cloud as a key priority that will underpin several operational tasks. During a recent webinar: Canadian Data Residency and a Secure Switch to the Cloud, Megha Kumar Research Director, Software and Cloud IDC Canada highlighted the benefits of switching to the cloud and demystified some common compliance and security misconceptions.
According to research from IDC, 43% of organizations that wish to open up their facilities following the pandemic, wish to accelerate their shift to the cloud. This is partly in response to the rise of the post pandemic hybrid working conditions that will drive organizations to seek technical parity across their workforce, thus ensuring that those remote, semi-remote and office-based staff have the same capabilities to achieve their tasks.
What are the triggers for the utilization of cloud services?
Although the rapid shift to remote working during the pandemic accelerated the migration to the cloud for many organizations, some of which found their IT capabilities unable to facilitate a diasporic workforce, there are a number of other business challenges that prompt Canadian organizations to consider upgrading their legacy technology infrastructure, such as:
- Managing budget constraints
- Managing entities across different territories
- Support for digital transformation initiatives
- Security and availability requirements
- Data visibility for strategic decision making.
How secure is the cloud?
As these common business needs continue to drive Canadian organizations towards the cloud, senior IT decisionmakers are under pressure to answer stakeholders’ questions about the benefits of the cloud. As one would expect ‘how secure is the cloud?’ is a query that is front of mind for many.
“I always say, ‘no conversation about cloud is ever complete without talking about security’,” explains Megha Kumar, Research Director, Software and Cloud IDC Canada. She continues, “It previously used to be one of the biggest concerns while moving to cloud, but now our research shows that security is what organizations achieve by moving their applications to the cloud.”
Businesses reap the benefits of security from switching to the cloud in a number of ways.
Cloud providers can rollout their security feature updates to customers remotely and rapidly. No more disks, drivers, or DIY software patches.
It’s in the best interest of cloud providers to be rated highly by industry and government bodies, so that they can stay ahead of their competition, and also avoid any penalties for breaches of security regulation. Ultimately, the customer benefits from this act of compliance and can rest assured knowing their chosen solution is secure.
Another advantage that the cloud has over on-premises solutions is the ability to isolate and cut of any threats to one specific component or system before it becomes a widespread problem. This is in part achieved by implementing custom monitoring protocols that can be adapted to the security needs of any organization.
Security is a shared responsibility
Yes, it is in the interest of the cloud provider to offer the most secure solution possible, but that does not absolve you the customer of addressing security concerns for your own end users.
“There’s a certain level of misconception amongst organizations who think ‘the moment I move my application to the cloud I am absolved of all responsibility, I don’t need to worry about it’. This is not the case. You have to think about the notion of shared responsibility,” says Megha.
The aspects of security that can fall under the responsibility of you the customer, can include data protection and access management. Canadian organizations need to work with their cloud provider to ensure that they are being offered a solution that will help them remain compliant. This is also important from a reputational standpoint too, as in the case of a breach or disruption of service, your customers are likely to hold your company accountable and not your cloud service provider.
Understanding data residency
Data residency refers to the physical or geographic location of an organization’s data or information. Data residency is often discussed in relation to data sovereignty, which is the legal or regulatory requirements imposed on data based on the country or region in which it is hosted. Put simply, Data residency is where your data lives, and data sovereignty is the laws it has to follow.
Data residency laws differ from country to country and in the case of Canada, province by province. It’s the responsibility of an organization to remain compliant in the jurisdiction(s) in which their data resides. The strictest data residency laws relate to government and federal organizations storing citizens’ data, but private organizations still needs to remain compliant of both the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Personal Information Protection Act (PIPA). If your company is storing the data of Canadian customers in the US, that’s fine, but you must be able to guarantee that the third party will secure the data in a way that meets all standards of the Canadian regulation, or risk of noncompliance.
Although the two previously mentioned acts can be satisfied without necessarily hosting data solely within Canada, organizations are increasingly risk averse and are considering local service providers.
Megha explains, “The trend we have observed at IDC is that many government organizations, as well as many private organizations do like to take into account if cloud providers are able to ensure compliance with local and international regulations. In some cases, some customers take the proactive effort of ensuring that the data that is deemed sensitive doesn’t move out of the borders of the country.”
Embracing the security challenge to provide better services
Security & compliance concerns around cloud services and storing customer data can sound like a headache that organizations don’t have time to worry about, but this attitude can hinder business progression. The benefits of the cloud and the key business operations that it can power within your organization outweigh the challenging, yet necessary goals of remaining compliant and delivering a secure and safe product offering to your customers.
“Don’t use it as a reason not to move to the cloud. You have to focus on the business value that you’re able to bring, not only to your organization in terms of your internal operations, but also in terms of the business value or that superior experience that you are able to provide to your customers,” says Megha.
Sage Intacct stores data within Canada
Sage Intacct leverages its recently launched Canadian data centre to cater to the increasing demand for cloud accounting solutions that meet Canadian data sovereignty laws. This in-country presence allows Sage Intacct to help more customers in the market with data residency requirements in the not-for-profit, healthcare, financial services, and public sectors. Learn more here.
The quotes in this article are extracts from the on demand webcast Canadian Data Residency and a Secure Switch to the Cloud. Watch now to demystify the security features that keep your data safe, and learn the benefits of switching to the cloud and the positive impact Canadian data residency can have on your organization.