Data Security Breaches

Summary

• 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites
• The market for cloud services in the UK was worth up to £7.5 billion in 2022
• Concerns raised by Ofcom are the expenses related to transferring data (egress fees) from cloud platforms as well as the tethering of customers to a specific cloud provider (discounts)
• Companies and IT departments, were too quickly farm out our data
• Cloud computing does bring with it many benefits like flexibility for accommodating business changes
• Don’t lose control of your data. Be 100% confident that you know where your data

Data Security

Data security breaches like those that have recently affected the police in Northern Ireland and the Data Ancestry website are becoming more commonplace. At current levels, 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites. To prevent future issues, and understand why and how is this escalating, we need to take a step back here and take a holistic approach.

Data Sovereignty

Data sovereignty as it is called has shifted over the past decade. Ofcom recently identified that 80% of the UK cloud market sits with three hyper scalers from the USA. stating the market for cloud services in the UK was worth up to £7.5 billion in 2022. We have let UK data flow to the USA since the explosion of cloud services and the Competition and Markets Authority (CMA) has now initiated an investigation into all cloud service providers. Among the concerns raised by Ofcom are the expenses related to transferring data (egress fees) from cloud platforms as well as the tethering of customers to a specific cloud provider (discounts), which restricts the capacity to investigate various alternatives. Also being reviewed are the technical barriers to switching cloud providers.

Where is Our Data?

I welcome this progress. As companies and IT departments, we too quickly farm out our data but we need to consider to whom are we handing over responsibilities and to some degree ownership of the data. And with that, we are also losing the skills to handle it.

I work for Claritas Solutions, a Wetherby-based IT company which only has UK-based data centres and none of our data or traffic is routed overseas. What I have seen is that as more UK-based organisations give away IT responsibilities to larger corporations overseas, the talent also follows. The UK is now left with a shortage of skilled capable people to configure data and assess risks. As companies delegate IT tasks, along with it goes the technical skills and capabilities to deal with the data. This is having catastrophic consequences – those which we are seeing now in such forms as data breaches.

Cloud computing does bring with it many benefits like flexibility for accommodating business changes, speed to market with little or no capital investment, people or expertise needed, and ultimately has transformed the way we work. However many don’t realise that the US cloud providers are subject to US legislation like the Patriot Act, giving foreign organisations access to your data overriding the sovereign states’ own regulations.

Using a cloud provider that is UK-based with locally skilled engineers on hand to provide the expertise you need, not only ensures your data remains in the UK, but that you are supporting the IT sector in retaining future essential skills within the UK.

So, don’t lose control of your data. Be 100% confident that you know where your data is and who is looking after it. And if we stop the flow of losing these skills, I’m in no doubt that we will see fewer data security breaches. The other knock-on effect of this is that it keeps the IT skills in this country, creates jobs, increases employment and benefits our local economy.