Site Logo
Posted to Industry Comment on Thursday, March 9, 2023 Share:
5 minute read

Cloud adoption creates data attacks for healthcare and financial services

New research launched today by Blancco Technology Group, the industry standard in data erasure and mobile lifecycle solutions, has revealed the extent to which healthcare and financial services organisations have embraced cloud, as well as the effects cloud adoption has had on data classification, minimisation, and end-of-life (EOL) data disposal. 

Based on a global survey of 1,800 respondents, the study, Data at a Distance, found extensive cloud adoption, thanks to the ease of managing increasing volumes of data. However, 65 per cent say the switch has increased the volume of redundant, obsolete, or trivial (ROT) data they collect. 

Increasing volumes of stored data brings with it many issues and is of growing concern for organisations operating in heavily regulated markets. In addition to regulatory noncompliance risks, there are the cost and sustainability impacts of storing this data, as well as security concerns, more data means a greater attack surface and more liability in case of a breach. 

Data management best practices indicate that organisations need to know what data they have collected, including its value, where it’s stored and when it needs to be permanently erased. Yet just over half of organizations (55%) can boast a mature data classification model that determines when data has reached EOL, meaning that nearly half fall short when it comes to determining when to dispose of cloud-stored data.

When asked about their cloud approaches, 60% of respondents said that their cloud provider handles EOL data for them. However, more than a third (35%) do not trust their cloud provider to appropriately manage EOL data on their behalf.

Jon Mellon, President Global Sales, Marketing and Field Operations at Blancco said, “healthcare and financial services providers handle some of the most confidential and sensitive information possible. While they have made the move to cloud for better connectivity, digital transformation, and ease of managing data, many of them are still falling short when it comes to knowing how to reduce risk and maintain compliance when that data is no longer serving a business function.

“COVID changed working norms for all industries, and adopting cloud helped adapt to those changes. But hackers also changed their approach. The industry reported that 45% of breaches that occurred in 2022 were cloud based. Yet our research found multiple instances of insufficient practices for managing EOL data in the cloud.”

According to Blancco’s global study of 1,800 healthcare and financial services respondents:

  • 65% of organisations feel that they can better manage EOL data on premises than in the cloud
  • 63% use software-based erasure with an audit trail for managing all data – both on-premises and cloud, but a worrying 38% carry out erasure without an audit trail
  • 91% of those surveyed recognise data classification as an important first step for achieving data security
  • 36% are just beginning to implement a policy for data classification and minimisation, with nearly one in ten yet to implement any such process
  • Regular assessment of data and setting retention periods is a critical and growing concern as regulatory requirements increase for the healthcare and financial services industries.

The study found that 57 per cent of organisations have a data schedule where they review different data types to determine whether data has reached end of life. But just over a quarter (28%) use the blunt approach of automatically setting a data expiration date, which is simple but ineffective: it does not consider what the data is, what it’s worth, or the risk of it getting into the wrong hands. 

Healthcare and financial services organisations are, however, aware of the new challenges for managing EOL data in the cloud. In fact, 65 per cent have found it necessary to reassess how they determine what data is no longer needed since making the switch from analog to digital. But in addition to falling short when it comes to data classification and minimization, a worrying 59 per cent of respondents reported using processes without verified data destruction at least some of the time to deal with at least some of their EOL data. This can leave data intact and retrievable without a proper audit trail to prove proper EOL data disposal.

Best practice that may have been in place in on-premises data centres can be left behind when organisations migrate their data to the cloud. While it is standard for cloud providers to refer to data deletion or destruction processes within user agreements, the practice of receiving clear assurances that specific sensitive data has been removed for good is still in its infancy, leaving highly regulated industries vulnerable to both regulatory noncompliance and unauthorised data access threats. 

Rapid COVID-generated cloud adoption is bringing to light the need for organisations to rethink ownership of their data in a heavily regulated and threat-saturated market. The report lists best practices that will guide these and other data-dependent industries towards ensuring regulations are met and that they can continue to protect both themselves and their customers.

Topics
FINANCE
HEALTHCARE
SECURITY
More News
20 hours ago
Businesses with slow websites could lose up to £28.4 billion this Christmas
Online operations are the backbone for thousands of businesses both large and small in the UK, especially around the holiday season, with online spending predicted to hit £24.1 billion between 1st November and 31st December according to the Adobe Digital Economy Index.
21 hours ago
Abloy Digital Access Solutions Academy 2024 schedule announced
Abloy UK has announced its new schedule of training dates via its Academy and Digital Access Solutions Academy, with courses on a range of topics, from emergency and panic escape compliance to the latest innovations in digital access technology.
3 days ago
PFU (EMEA) announces series of PC-free updates to ScanSnap Home
PFU (EMEA) has announced an update to its mobile application for ScanSnap, ScanSnap Home (for mobile), marking the first step towards achieving PC-free ScanSnap functionality.
5 days ago
Workplace gifting start-up hits user milestone
Workplace gifting start-up Thankbox has hit a milestone of 100,000 users. The Edinburgh-based company was launched in 2020 by husband-and-wife Valentin and Tsvetelina Hinova.
5 days ago
VIPRE Security Group CTO highlights cybersecurity trends for 2024
Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, highlights cybersecurity trends, primarily driven by generative AI adoption, that will dominate in 2024.
56 minutes ago
78% UK IT decision makers deploying AI and automation
8x8, Inc, an integrated cloud contact centre and unified communications platform provider, has unveiled how companies are dealing with this current time of instability and insecurity, which is impacting British businesses by turning to AI and automation.
3 days ago
Employees spend 20% of salary returning to office
A new study has found that Birmingham is the most expensive city to commute in for hybrid workers, as staff spends up to 16 per cent of their salary travelling in each month.
4 days ago
Rubix VT signs up as headline sponsor of Brighton Half Marathon
Independent business telecoms provider, Rubix VT will be the headline sponsor for the Brighton Half Marathon for the next three years.
5 days ago
Maped Helix releases stocking filler guide
From magical, colour-changing felt tips to blow art sets, Maped Helix has released its guide to help make traditional Christmas stocking full of small yet meaningful gifts.
5 days ago
Software vulnerabilities on the decline, according to new research
Synopsys has published the 2023 Software Vulnerability Snapshot report.

Login / Sign up