CIOReview
JUNE 2024

IN MY OPINION

MANAGING DATA SECURITY AND PRIVACY RISKS IN CLOUD SERVICES ARRANGEMENTS

By Darrell Bateman, Director, Chief of Information Security, City Bank

When we utilize cloud-based services that involve sharing our own confidential data or our customers' sensitive or private data, we entrust the security and privacy of this data to those cloud providers. For instance, if a cloud provider suffers a cyberattack that results in the loss or exposure of this sensitive data, both parties in the cloud services arrangement should understand their obligations in responding to and mitigating the incident.

By comparison, if your organization and its infrastructure were attacked and sensitive data was exposed, you would be obligated by state, federal, and, in some cases, international law to identify and notify the affected individuals and provide adequate relief, such as free credit monitoring. Will your cloud providers take on this responsibility for the data you entrusted to them?

If the answer to this question is unclear, then you may need to ensure both parties in cloud services arrangements clearly understand their responsibilities and obligations. You may also need to consider what steps can be taken to minimize the risk and impact of a data breach in your third-party relationships. Here are some tips and best practices to consider before entering into cloud service arrangements involving transferring, processing, or storing sensitive data.