In the first three posts in this series, we examined data from the financial services, healthcare and retail industries, and the potential security benefits that could be derived by adopting cloud computing.
Today we’ll wrap up the series with a look at cloud security trends in the public sector, specifically the value which cloud providers might deliver by improving data classification practices among government entities.
Government institutions around the world are among the biggest handlers and processors of personal information—tax records, licenses, birth certificates, and voting credentials, to name just a few. Citizens in turn rely on the authority of government records to obtain a vast array of goods and services—mortgage loans, access to commercial flights, or auto rentals, for example.
The authenticity of those records is a critical driver of commerce and delivery of government services. Individuals and businesses expect governments to take appropriate precautions when handling their sensitive information.
Data classification is an important method of increasing the protection and proper management of information by separating it into categories based on sensitivity (high, medium or low, for example). More sensitive or critical information can be given greater protection, while lower risk information can be made more accessible, as appropriate. This process can improve compliance efforts and help safeguard important records, allowing other data and resources to be managed more smoothly.
Conversely, weak or incomplete data classification strategies could result in improper handling of sensitive private data, raising the risks of accidental release or corruption, or the potential exposure of confidential information to employees whose jobs do not require access.
An experienced cloud services provider (CSP) will typically employ a comprehensive data classification program to protect and streamline access to sensitive information. For public sector entities, this could be an important benefit of cloud adoption. Our recent study “Security Trends in Public Sector” found that 55 percent of public sector organization have a standardized data classification methodology in place.
Recommendation: Organizations should ensure that confidential data are classified as sensitive assets that require an elevated level of security.
If you work in the public sector and are considering cloud adoption, I encourage you to download the full report, “Security Trends in Public Sector” to see how the cloud might bring value to your organization.
Data classification is a good example of how a CSP can handle more complicated IT security functions and allow public sector professionals focus on their areas of expertise. If you are considering cloud adoption, be sure to inquire about the provider’s policy for data You can find additional information and guidance in the “Data Classification for Cloud Readiness” paper that can help understand what you should consider.
I hope you have found this series helpful. If you have any comments or feedback, please connect with us on Twitter @msftsecurity.
About the study
Survey results are based on aggregated and anonymized data, collected from more than 12,000 respondents who used the Cloud Security Readiness Tool (CSRT) between 2012 and 2014. The CSRT uses a participant’s answers to 27 questions to provide a custom report to help organizations understand their current IT infrastructure, identify relevant industry regulations, and assess whether cloud adoption will meet their business needs. You can access the tool and related information at http://www.microsoft.com/trustedcloud.