Rapid Covid-era cloud adoption has revealed “cracks” and weaknesses in data management practices in healthcare organizations, according to new research data released by data erasure and mobile lifecycle solutions provider Blancco, in partnership with research firm, Coleman Parkes.
The survey responses from 1,800 IT professionals from financial services and healthcare organizations in US, Canada, UK, Germany, France, and Japan, paint a picture of the extent to which highly regulated organizations are falling short when addressing new challenges to protect data in the cloud.
The report, titled, Data at a Distance, details the effects of rapid cloud adoption in these segments, including the cost and sustainability impacts of storing this data, data classification missteps, as well as security concerns and liability related to data breaches.
A few growing concerns were highlighted in the survey data:
The switch to the cloud has also increased the volume of redundant, obsolete or trivial (ROT) data they collect –Nearly two thirds (65%) of global respondents agreed with this observation. The larger the volume of ROT data, the greater attack surface and more liability in case of a breach, which is a serious vulnerability for organizations operating in heavily regulated markets.
Nearly half of organizations surveyed are having trouble determining when to dispose of cloud-stored data –Data management best practices indicate that organizations need to know what data they have collected, including its value, where it’s stored and when it needs to be permanently erased. While 55% of organizations can attest to a mature data classification model that determines when data has reached EOL, 45% — nearly half — are falling short when it comes to determining when to dispose of cloud-stored data.
A whopping 59% of respondents reported using processes without verified data destruction at least some of the time to deal with their EOL data. This can leave data intact and retrievable without a proper audit trail to prove proper EOL data disposal. Additionally, a worrying 38% of respondents said they carry out erasure without an audit trail.
More than a third of financial and healthcare organizations do not trust their cloud provider with regards to their EOL data –In fact,35% reported that they do not trust their cloud provider to appropriately manage EOL data on their behalf.
Canada leads the charge in regular assessment of data and setting retention periods – The study found that, in Canada, 64% of organizations in highly regulated industries have a data schedule where they review different data types to determine whether data has reached end-of-life. This is the highest percentage point from all the countries surveyed, and a welcome development as regulatory requirements continue to increase, particularly in the healthcare and financial services spheres. However, nearly a third (30%) use the blunt approach of automatically setting a data expiration date, which is simple but ineffective: it does not consider what the data is, what it’s worth, or the risk of it getting into the wrong hands.
Awareness of the new challenges for managing EOL data in the cloud is an important takeaway. Best practice that may have been in place in on-premises data centers can be left behind when organizations migrate their data to the cloud. While it is standard for cloud providers to refer to data deletion or destruction processes within user agreements, the practice of receiving clear assurances that specific sensitive data has been removed for good is still in its infancy, leaving highly regulated industries vulnerable to both regulatory noncompliance and unauthorized data access threats.
The report lists best practices that will guide these and other data-dependent industries toward ensuring regulations are met and that they can continue to protect both themselves and their customers. For full analysis, read the report here: https://www.blancco.com/data-at-a-distance.
