19/Jun/2020
The EU’s NIS – or Network Information Security – regulations are aimed at ensuring that organisations which provide critical services implement sufficient cyber security measures and notify the relevant authority of significant breaches or incidents. Consequently, the UK implemented the NIS Directive in 2018, requiring organisations within the UK that are responsible for critical services to comply with these cyber security standards and directing them to register with the ICO.
The scope of the NIS Directive is generally thought to apply to power stations, health care, water supply and other such Critical National Infrastructure. Within the Directive, these organisations are termed “operators of essential services,” or an OES. However, this remit has naturally been widened as digital transformation continues to streamline and optimise organisations across industries – providers of these services are known as “digital service providers.” In short, it is imperative that cloud service providers, who provide data storage and other functional capabilities to infrastructure organisations, ensure that they maintain the high-level cyber security posture required by NIS and register with the ICO as an essential service.
Of course, cloud service providers should already have strong cyber security processes – after all, if customers can’t depend on the protection of their data and systems, they are likely to choose a competing provider. Similarly, the EU’s GDPR will likely seem to cover the requirements of the NIS Directive. However, these regulations were written to protect two different segments within information security. GDPR ensures the protection of personal data, while NIS focuses on ensuring that critical organisations have proper security measures in place for their systems.
To keep in line with the NIS Directive, here are some points cloud service providers should be considering:
The NIS Directive aims to establish dependable policies within organisations that are deemed critical, including cloud service providers. Without these considerations, the chance of a hack or physical attack is high, and the resulting impact could be devastating.
This is the second in a series of blogs about the NIS Directive; you can read our first blog here. For more information on NIS, check out the resources from the ICO.