Data sharing, cloud storage security under scrutiny
by Resolve Editor Kate Tilley
Data is valuable. A host of organisations, including governments at all levels, and many insurance industry organisations, have massive datasets and many are happy to share de-identified data for the public good.
Ian Chisholm, a partner at Sydney-based management and technology consultancy Frazer Walker, says data sharing can boost economic growth and propel innovation, but there are privacy and other ethical implications to consider before sharing can be done safely.
For the insurance industry, safe data sharing is vital. Strong data sharing and data governance capabilities within insurance companies and financial services providers are critical to finding, analysing and exploiting the proliferation of external datasets, data broker offerings and other third-party data assets, including open data initiatives by various governments.
“Using external data to improve the customer experience, contain or lower premiums, mitigate claims, proxy rating factors or provide deeper insights into the nature of the insurable assets, is shaping up to be tomorrow’s battleground, especially with the emergence of the internet of things, telematics, digital health and intelligent devices,” Mr Chisholm says.
He has written a white paper that outlines the rapidly evolving field of data sharing and offers guidance on data-sharing methodologies and aims to encourage a robust debate to ensure the integrity of data-sharing principles.
Mr Chisholm’s paper examines the pitfalls and promises of the framework Five Safes, which is emerging as the foundation stone for data sharing.
He says organisations working in the data-sharing space, like Frazer Walker, are continually seeking more advanced methodologies to protect personal information. “Risk management tools that aim to mitigate accidental data breaches and ensure re-identification cannot occur are important.”
Related to data-sharing security is security for data storage in the cloud. The 2021 Thales Cloud Security Study, The challenges of cloud data protection and access management in a hybrid and multicloud world, shows that the technology sector in general – and cloud adoption in particular – has been instrumental in helping the world cope with the enormity the Covid-19 pandemic.
“For those looking into cloud adoption, the pandemic merely accelerated what has been a long-term broad adoption of cloud environments, including multicloud and hybrid deployments,” the study says. Benefits include faster time to value and time to market, and the ability to experiment and quickly leverage elasticity and resiliency.
However, Thales, a French-based multinational that provides services for the aerospace, defence, transport and security markets, says organisations must understand the cloud’s “significant new security challenges”, including how responsibilities are shared between provider and customer, how the threat models change, and how internal stakeholders respond.
The study says protecting customer data is a priority and organisations should review their strategies and approaches to proactively protect data in cloud, especially sensitive data. “This includes understanding the role of specific controls and technologies, including authentication, encryption and key management.”
As data privacy and sovereignty regulations grow across the globe, it will be paramount for end-user organisations to have a clear understanding of how they remain responsible for data security and how they must make clear decisions about who is in control of and who can access sensitive data, the Thales study concludes.
|Back to top|
Resolve is the official publication of the Australian Insurance Law Association and