How the Netherlands is better protected by the NIS2 Directive
How the Netherlands is better protected by the NIS2 Directive With the
The enormous growth of data flows enables society, companies and (government) organisations to make better analyses and, on that basis, to get a sharper picture of the future. With machine learning, that data can be enriched and become a tool for predictability. This predictive value is worth a lot: it provides the opportunity to implement proactive instead of reactive policies. It would no longer be necessary to wait for an incident to happen and react upon it, as we have seen with various major data breaches in the past. It becomes possible to anticipate, so that incidents do not grow into crises. Smart data thus enable us to get ahead of that crisis. However, to do so, that data must be kept safe. The ‘sovereign cloud’, meaning that data is stored on sovereign soil and not in a foreign country or world region, seems to be able to provide that and is fully compliant with EU privacy and data storage laws and regulations.
Increased cyber-attacks, geopolitical circumstances, and cost efficiency are reasons for companies to place data on a (secure) cloud environment. However, Dutch government’ cloud policy still makes exceptions: sensitive information, such as state secrets and data from the Ministry of Defence, may not be stored on a cloud. Yet, the Ministry of Defence also benefits from aggregating and using large streams of data in order to improve situational awareness, as long as a secure environment can be guaranteed.
The current debate about data sovereignty and data protection shows a series of misconceptions when it comes to the sources of vulnerability of (our) data, which makes a nuanced approach difficult. People assume a priori that a cloud environment is not secure. And yet, vulnerabilities more often lie in old versions of non-updated software.
Of course, we must be careful when storing sensitive information on the cloud, whether the operator is from Europe, the U.S., or other parts of the world. It is crucial that cloud providers can create a secure environment for data and that they meet the security requirements of the European Union. This includes properly specifying which parties can and cannot access the cloud environment. Furthermore, software stored in the cloud can be updated automatically and centrally, rather than depending on a system administrator to patch the appropriate software in a timely manner. My message is that organizations would do well to critically review those safety specifications from global cloud providers , rather than discard those altogether.
Do you want to know more about what plans the government has regarding (storage of) data and cybersecurity? And do you want to know what impact that will have on your business model? Then click here to contact us.
Or subscribe to the newsletter and receive every three months relevant updates for your organisation in your inbox.
How the Netherlands is better protected by the NIS2 Directive With the
Is your organisation facing new challenges around the Green Deal and the energy transition to Net Zero? Do you want to influence the political agenda and meet the requirements of the Fit for 55 targets? Our advisors are happy to help you.