The ongoing coronavirus pandemic has accelerated the online-everything trend. Enterprises continue to digitize new and existing businesses to keep up with this trend and keep business profitable. A McKinsey report notes that even before COVID-19 hit, 92% of companies thought their business models would need to change given digitization. While this concept isn’t new, the surge in digitization caused by the pandemic has pushed companies to adapt quicker than expected.
As a result, cybersecurity threats are rapidly growing alongside this digital innovation. Hiscox, an insurance company, conducted a study of 5,569 companies from the private and public sectors in the U.S., UK, Germany, France, Belgium, Spain, Ireland, and the Netherlands. The report found that cyber losses among targeted companies in the past year have risen nearly six-fold, from a median of $10,000 per firm to $57,000. In tandem, firms stepped up their cybersecurity spending by 39% to keep up with increased threats. While enterprises need to protect themselves against cyberattacks, it’s vital to acknowledge alternative platforms with lower cybersecurity risks, such as secure cloud computing.
Distributed data is less hackable
The cloud has changed how we think of data resources: the adoption of cloud computing – a strategy used by enterprises to improve the scalability of internet-based database capabilities while reducing cost and risk – has displaced decades of on-premises, centralized corporate data centers. This approach permits data to be widely distributed across cloud providers, seamlessly carrying data across international borders.
This improved data accessibility led to a new generation of software services, better known as Software-as-a-Service (SaaS): a cost-effective alternative to traditional information technology (IT) deployments. SaaS distribution doesn’t require extensive customization or hardware acquisition by the customer. Instead, SaaS solutions are hosted in and managed via the cloud, reducing the need for onsite hosting, maintenance and in-house knowledge to comply with local compliance and data regulations.
To protect your business, move to a secure and compliant cloud: doing so will lower your risk from these threats and deliver the most benefits while introducing the least amount of risk. For applications hosted in a company’s own systems, security updates are done manually and depend solely on IT departments. SaaS solutions, on the other hand, have automated maintenance and updates, which lowers the security risk. As such, a distributed SaaS solution strikes a balance between taking full advantage of SaaS applications and decreasing the likelihood of ransom and other breach attempts by hackers worldwide.
Keeping up with data privacy regulations while on the cloud
However, once you’re on the cloud and have a distributed SaaS model, it’s vital to recognize and stay on top of increasing data privacy and residency regulations. These are new challenges businesses typically didn’t have to face before.
Today, 132 out of 194 countries have put data privacy legislation in place. Unlike regional laws that affect entire groups of countries, these laws are country-specific, each with different requirements. As such, enterprises now face new and stringent data regulations as governments pass legislation to protect data produced within their borders.
While the data privacy and protection landscape becomes increasingly complex and regulated, Chief Information Security Officers (CISOs) must be vigilant to ensure SaaS requirements satisfy each country’s data regulation requirements. This becomes especially critical with the in-house integration of SaaS applications, which can be challenging and require unique architecture and technologies to match the SaaS integration points. Often, CISOs can’t tell if their SaaS products are compliant with existing and new data privacy mandates, even with well-known regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
As a result of these laws’ complexity, many companies are fined and, in some cases, blocked from operating in regions entirely. Most recently, on July 16th, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield. The Privacy Shield, established in 2016, was an agreement between the US and the EU to allow businesses to transfer data while ensuring compliance with data protection regulations. Now, more than 5,000 companies that utilize the system will have to reevaluate the value of their international business operations, recognizing that a lack of compliance can result in fines up to 4% of a company’s revenue.
The culmination of these ongoing data residency regulations has become one of the leading data protection and security issues that CISOs consider when purchasing SaaS products. Meanwhile, security teams find vendors scrambling to provide adequate clarity on the data-privacy protection in their offerings. As such, SaaS providers struggle to fulfill data residency requirements and identify the countries where data is stored. While distributed SaaS is less hackable, companies still need to understand the residency requirements needed to meet local data regulations.
Thankfully, enterprises can now consider new cloud-based offerings, such as data residency-as-a-service, to help store and process various data assets within many countries. These solutions complement SaaS products and help them meet these local regulatory requirements.
Now more than ever, businesses around the globe are continuing to move to the cloud where they can easily rent services. As global enterprises become increasingly reliant on SaaS products, it remains essential to keep up with security and the overall regulatory landscape. While more and more regulations are pending, data residency and privacy must continue to stay top of mind for companies.
Ultimately, a distributed SaaS platform – with data compliance built into the software – will help enterprises expand their business, avoid hefty cyber losses and cybersecurity spending, and meet global compliance standards.