In a push to get more public sector organisations to the cloud, the UK government introduced the Government Cloud (G-Cloud) initiative back in 2012. It provides a Digital Marketplace where public sector organisations can shop for cloud services – including Microsoft Office 365 and Azure – that are compliant with G-Cloud standards. The marketplace provides a one stop shop for public sector organizations to find cloud services that meet their security requirements.
While the UK government has worked to make it easier for public sector organisations to find and buy cloud services, research shows that in 2015, 22 percent of UK public sector organisations still did not employ any cloud-hosted services. So, where is the hesitation coming from?
The doubt often stems from the belief that you can’t exert the same control over your cloud data as you would on premises. However, with the right approach to data protection, you can take advantage of the latest cloud technologies while ensuring compliance with regulations. The three steps outlined below are key to taking advantage of cloud services like Office 365 and Azure while ensuring your sensitive data remains in the right hands.
1. Identify what data you have and where it lives
Securing your data starts with knowing what it is and where it is. Discover where your sensitive (dark) data lives. Find out what information resides in your business and where they are being stored so you can protect your most valued assets. This process will help you map your data, and also give you a chance to review who has permissions for what. Once you have better visibility into your data inventory, you have a solid foundation for identifying areas of risk, finding violations, and securing each file according to policy.
While you’re performing data discovery, it’s also a good idea to evaluate how your sensitive data is being used on a daily basis across your organisation. A privacy impact assessment is a great way to get an understanding of how your users are working with sensitive data in your environment.
2. Classify your data
Once you understand the different assets you have, begin tagging data based on factors such as content type, sensitivity level, file location, and owner. Once you have a tag schema you’re satisfied with, start to standardise classification rules for your information assets and apply these rules moving forward. AvePoint Compliance Guardian automates data classification to help you save time. Enforcing classification and tag continuity will make it easier to manage and restructure your data in the future as well as quickly identify and isolate any violations that may occur.
3. Implement privacy controls
With a comprehensive understanding of what data you hold, who has access to it, and where it lives, you can now begin applying controls to secure data and ensure compliance with regulatory policies. Continue to monitor and report on the actions and safeguards you’ve implemented in order to prove policy compliance. You can also start to determine whether assets are not meeting regulatory violations or if any users have inappropriate access rights.
However, don’t be afraid to deviate from your original classification standards. The public sector is subject to organisational changes and new regulations, so there should be some flexibility to modify classification standards based on new needs.
What’s next?
Armed with a solid data protection strategy, you can migrate to the cloud with confidence that your information is properly classified with the correct security and permission settings in place. To learn more about how you can prepare your data for the cloud, register for our webinar at 1:30pm GMT on Thursday, April 14.
