
How Secure is the Cloud?

Data backup and protection is imperative for any business, large or small, and the Cloud is one extremely popular and efficient method of securing and backing up relevant data on a regular basis.

What is Cloud Backup?

Cloud backup is software that provides a remote, online backup service, offering an easy solution for businesses that wish to back up their data without manual backup systems. Alternatively, many use Cloud backup as an extra precaution alongside any manual backup activity.

Cloud backup is a substantial option: it provides easy, remote, online access to all business data that has been backed up, backs up at high speeds, and offers instant access.

Cloud backup is also a key method for business data recovery, as any data stored in the Cloud can easily be restored, often at the click of a button.

What are the Benefits of Cloud Backup?

  • It avoids the need for extra business costs. Using existing software and infrastructures from dependable Cloud suppliers, like the Checkpoint Capsule Cloud, means that you can take advantage of existing and secure networks to back up your data, eliminating any extra expense for on-site data backup or supplies.
  • It’s reliable and fast. Restoration of data from the Cloud can be instant, meaning that if the worst happens and data is lost, your business won’t face a huge disruption while waiting for data to be restored.
  • It is a low-cost solution.
  • It saves time compared to manual backup efforts on-site.
  • It inspires more productivity. Easy Cloud backup means more time for employees to spend on other tasks rather than worrying about backup.
  • It lowers the risks and vulnerabilities associated with manual backup. A manual backup will see businesses keeping a stock of tapes on which their data is stored. These physical tapes can easily be accessed, stolen, or destroyed in emergencies such as fires.

How Secure is the Cloud?

With the increasing popularity of the Cloud as the go-to solution for data backup, it’s natural for businesses to worry that it would be the first port of call for any hackers or cyber threats. This leads to questions regarding how vulnerable your data might be when stored in the Cloud.

Data secured in the Cloud is protected with encryption technology, so the best efforts are always made to protect it. Viewing business information requires specific keys and access data. This means that anything stored in the Cloud is just as well protected as business data stored on-site with adequate security and network measures.

Furthermore, Cloud services can easily be upgraded based on the level of security you desire. Larger and more substantial Cloud systems can offer a broader range of protection and security measures, making the Cloud a flexible and tailored solution for data storage and security needs.

How Data Tokenization Can Help CCPA Compliance

The California Consumer Privacy Act (CCPA) is a California data protection law that went into effect on January 1, 2020 and began enforcement on July 1, 2020. The goal of the regulation is to ensure that companies operating in California and processing the data of California citizens properly protect that data and provide certain rights to data subjects.

The requirements of the CCPA are fairly strict, and the California Privacy Rights Act (CPRA), a current ballot initiative scheduled to be voted on in November 2020, will build upon and expand the requirements of the CCPA if passed. Achieving, maintaining, and demonstrating compliance with the regulation can pose a significant challenge for affected businesses.

However, the requirements of the CCPA and CPRA only apply to data that can be used to uniquely identify an individual or household. Efforts to anonymize data, such as the use of tokenization, can help to reduce the burden that CCPA places upon businesses.

CCPA is More Than Just Subject Rights

With the CCPA – and similar privacy laws such as the EU’s General Data Protection Regulation (GDPR) – the main takeaway that people have is that these laws dramatically expand the rights of data subjects regarding their personal data.

In the past, companies could collect, store, and use their customers’ data more or less with impunity. Consumers largely lacked visibility into what data was being collected and how it was used. They also often lacked a means of pushing back against “inappropriate” use of their data.

CCPA (and GDPR before it) have changed this. Within their jurisdictions, data subjects have the right to be informed of data collection and processing, to request a copy of their data, to withdraw consent for certain processing activities, and to instruct a company to delete all data that it has collected about them.

However, while this is a significant change from the status quo, it is not the only purpose of the GDPR and CCPA. Both of these laws are also designed to protect the privacy of customer data from external parties by forcing companies to properly protect this data. By requiring a company to put certain cybersecurity controls in place and reserving the right to levy significant fines for security incidents or regulatory noncompliance, these laws incentivize organizations to have strong cybersecurity and reduce the probability of a breach of sensitive consumer information.

The Challenges of CCPA Compliance

The CCPA is a step in the right direction and is generally a positive move for consumers. However, the need to comply with the requirements of the regulation places a significant burden upon affected businesses.

In order to maintain compliance with the CCPA, an organization must have:

  • Complete Data Visibility: Companies must know where protected data is in order to respond to a subject’s rights requests or detect a potential data breach
  • Full Data Control: Companies must be able to modify or delete customer data in order to comply with a subject’s rights requests
  • Comprehensive Data Security: Companies must have compliant security controls in place to secure protected data wherever it is located

While achieving all of these requirements within an organization’s network is possible, it can be difficult. Also, even the best-designed security still carries the risk of a data breach. Minimizing this risk requires minimizing the footprint of sensitive and protected data on an organization’s network.

Tokenization Enables Effective Data Anonymization

The requirements associated with the CCPA only apply to data that can be uniquely identified as belonging to a particular individual or household. Data that has been properly anonymized or deidentified does not carry the same requirements, making it easier for organizations to manage without violating regulatory requirements.

Most applications within an organization do not require access to protected data. A unique identifier for a user is as effective as a name or email address and does not carry the same impacts if it is breached. Similarly, a user’s address and financial data are only required by shipping and billing departments.

Tokenization enables an organization to replace protected data with unique tokens that can be formatted to fit the needs of a particular application. Since the mapping from a token to the actual data is stored only in a single database, a token is useless to an attacker who does not have access to this database.

This enables an organization to focus their data protection efforts on a single location in the network, rather than everywhere that a user’s personal data could be stored or processed.
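The token vault described above, sketched as an added example (it is not code from this article or from any tokenization product). The class, caller names and customer record are constructed for illustration; it shows format-fitted tokens, detokenization restricted to the departments that need real data, and a deletion request handled in the one place the mapping lives.

```python
import secrets

class TokenVault:
    """In-memory stand-in for the single database that maps tokens to real values."""
    def __init__(self, authorized_callers):
        self._by_token = {}  # token -> (subject_id, field, value)
        self._by_value = {}  # (subject_id, field, value) -> token
        self._authorized = set(authorized_callers)

    def tokenize(self, subject_id, field, value):
        key = (subject_id, field, value)
        if key not in self._by_value:
            # Random, not derived from the value: nothing to reverse without the vault.
            rand = secrets.token_hex(8)
            # Format-fit: an email-shaped token still passes downstream email validation.
            token = f"{rand}@tokens.invalid" if field == "email" else f"tok_{rand}"
            self._by_value[key] = token
            self._by_token[token] = key
        return self._by_value[key]

    def detokenize(self, token, caller):
        if caller not in self._authorized:
            raise PermissionError(f"{caller} is not allowed to detokenize")
        return self._by_token[token][2]

    def erase_subject(self, subject_id):
        """Deletion request: drop every mapping held for one data subject."""
        doomed = [t for t, key in self._by_token.items() if key[0] == subject_id]
        for token in doomed:
            del self._by_value[self._by_token.pop(token)]
        return len(doomed)

def demo():
    # Constructed sample data; caller names are assumptions for this example.
    vault = TokenVault(authorized_callers={"billing", "shipping"})
    email_tok = vault.tokenize("cust-1001", "email", "alice@example.com")
    addr_tok = vault.tokenize("cust-1001", "address", "1 Main St, Sacramento, CA")
    out = {"analytics_row": {"user": email_tok, "ship_to": addr_tok, "basket": 42.50}}
    out["billing_view"] = vault.detokenize(email_tok, "billing")
    def fails(caller, exc):
        try:
            vault.detokenize(email_tok, caller)
            return False
        except exc:
            return True
    out["analytics_denied"] = fails("analytics", PermissionError)
    out["erased"] = vault.erase_subject("cust-1001")
    out["orphaned_after_erase"] = fails("billing", KeyError)
    return out

if __name__ == "__main__":
    print(demo())
```

After `erase_subject`, any copies of the tokens left in analytics or log stores no longer resolve to a person, so only the vault has to be found and cleaned.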

Leveraging Tokenization for CCPA Compliance

Compliance with the CCPA and other data protection laws requires organizations to reconsider how they implement data collection, processing, and storage in their networks. Under the new rules, consumers have many more rights regarding their personal data, and the stakes of failing to properly protect collected data are much higher, with regulatory authorities actively investigating data breaches and reports of noncompliance and levying fines on offenders.

Scattering consumer data throughout the network and making it accessible to many applications expands an organization’s attack surface and makes managing subject rights requests much more difficult and complicated.

Taking advantage of tokenization enables an organization to limit access to and use of sensitive and protected data to the applications that require it to perform their functions. This reduces an organization’s vulnerability to attack and simplifies the process of achieving, maintaining, and demonstrating compliance with the CCPA.