Is your data truly secure?

Toni Galo

8월 30, 2024

Data security, sovereignty and integrity are business-critical and thus always need to be transparent.

The past 50 years have been heavily marked by fast technological advancements that have had an extraordinary impact on our daily lives. In the 1970s, computers and the internet were things only governmental institutions were using! There was no on-demand television or instant messaging – people had to keep track of their favorite TV programs in newspapers and had to either make a phone call or meet up personally to talk about their day. Today, 我们的设备是超级强大的，我们的互联网连接是闪电般的速度, 所有的价格都是可以承受的. 人类比以往任何时候都更加紧密地联系在一起, but how does this impact our private lives and the security of our digital identities? 在这样一个快节奏的世界里，你如何确保你的数据是你自己的?

数据安全、完整性和主权之间的区别是什么?

让我们首先对关键术语有一个共同的理解:

Data security 保护数据不被访问的过程是否存在, manipulated, 或在其生命周期内被未经授权的人员或应用程序损坏. 它包括数据加密和散列等活动.

Data integrity (also called data quality) indicates how consistent and untampered-with a set of data is, 不管存储在哪里和如何存储.

Data sovereignty makes sure that your data is subject only to the laws of the country in which it is located.

我们的社交媒体账号之间, the online shops in which we’ve saved our payment data for faster transaction processing and the occasional sweepstake we’ve shared our personal address with in case we win something, 我们往往会忘记我们会有多妥协. Even if we’re not directly the victims of a large security breach, such as the Yahoo security breach in 2013, 在此期间，多达30亿个账户被泄露, the data we willingly share with multiple platforms is often shared with or sold to third parties – and often isn’t anonymized.

错误处理或损坏数据的危险是什么?

A recent summit of 数据安全和主权领导者 重点讨论我们在这里讨论的一些话题. 在录音采访中，云的领导 NXO, OVHcloud and Alcatel-Lucent Enterprise came together to discuss what it takes to guarantee total and transparent data sovereignty.

Sylvain Rouri, OVHcloud的首席销售官, compared data to a locked bicycle: “Encryption is just the lock on your bike. 它不能防止自行车被偷.” He also made it abundantly clear that true data sovereignty can only be achieved when we know and understand all the layers. 我们需要问“谁在处理数据。?”, “Where is the data stored?以及“数据是如何管理的。?”. If these questions do not receive clear answers, it should be considered a red flag.

The dangers of mishandling, leaking, or corrupting someone else’s data have reputational implications as well as legal repercussions. The 目标遭受安全漏洞 大约有4000万张信用卡和借记卡受损, resulting in monumental sales decline and thousands of employees losing their jobs. 花了数年时间才挽回损失.

真正的数据主权面临的三大挑战

Moussa Zaghdoud, EVP of the Cloud Communications Business Division at Alcatel-Lucent Enterprise, highlighted the risk by noting that if you communicate, you’re exchanging data. He and Rouri agreed that very few certifications out there truly regulate and guarantee data sovereignty. 尽管法国以身作则 ANSSI SecNumCloud认证, there remains no centralized certification that guarantees data sovereignty on a European level.

Zaghdoud noted three big challenges for vendors when complying with regulations. First, make sure to use best-in-class encryption mechanisms and state-of-the-art technology. 第二，完全保护所有数据，无论它位于何处或从何处访问. 最后，也许也是最重要的一点，保持流畅和直观的用户体验.

Understanding the layers of a true sovereign solution and how they come together is what seems to be the answer. Starting from the ground up, the infrastructure needs to comply to all local and international regulations and standards. The solution you are building on top of it then needs to meet all security standards for encryption, 技术和互联互通. Data needs to be protected not only when it is stored, but also when it is in transit. 最后一块拼图是客户层面的集成商, 谁必须确保自己的数据得到保护, regulate how and if it is shared with third parties and that the solution is deployed correctly.

信任和专业知识是数据主权的基础

With every new encryption method and technology comes the need to adjust existing regulations and laws. 有时，这些调整是次要的，很容易执行, but a change in technology can also lead to a complete obsoletion of prior laws. The latter situation has a bewildering impact on all three layers – infrastructure, solution, and deployment. François Guiraud, Head of Business Development & 法国NXO的数字化转型他说，服务提供商和集成商最接近客户. They need to work hard to earn accolades and position themselves as trusted advisors.

It is a constant war of attrition to keep ahead of ever-changing trends and technologies, 总是平衡新事物和成熟事物. So long as this is controllable by local authorities, we can determine data sovereignty. The real confusion starts when we start deploying solutions from vendors across the globe, or more specifically, 当使用欧洲总部设在美国的企业管理的解决方案时.

云计算法案如何危及数据安全和数据完整性

What may seem harmless at first glance could turn out to be a serious breach of data sovereignty and integrity. 2001年，美国政府颁布了《火狐体育手机》 Patriot Act授权他们强制访问存储在美国境内的任何数据. 这很容易通过将数据托管在另一个国家来解决, 难道不是因为它的延伸范围很麻烦吗 CLOUD Act (2018), which extended  the Patriot Act from US-only to worldwide reach if the enterprise handling the data has a US headquarters.

In addition to regulations, 法律与技术突破, 意想不到的全球发展, crises or collapsing markets can cause unforeseen sanctions that could inflict grievous wounds on your organization. OVHcloud的Rouri概括了这一点, “只有完全理解所有层面，你才能获得完全的信任. 如果不这样做，则无法重新部署、保护、扩展或恢复. 你基本上是你所选择的解决方案的囚徒.”

In conclusion, 如果你真的想确保你的数据是安全的, sovereign and untampered-with, 检查您正在寻找的解决方案的所有层. 确保每件事都清楚地摆在你面前. Cover everything from how and where a solution is hosted to who is developing, managing and deploying it. 限制对第三方的访问，并确保何时必须授予访问权限, 从端到端角度来看，它是加密和安全的. Your data is your own, but it sometimes takes a bit of reading between the lines to make sure it stays that way.