Can you imagine life without clean water or power? We consume both every day, and they provide a vital function to so many things, from our devices and homes to life itself.
Now, thanks to new rules from the European Union’s Network and Information (NIS) directive, we can add cloud computing, search engines and other internet services to that ‘vital infrastructure’ list.
Cloud computing, according to the UK government, “enables access to a scalable and elastic pool of shareable physical or virtual resources, which can include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).” Most online gaming, entertainment and VoIP services are not included. The key difference in those cases is that the resources available to the user aren’t scalable.
Per the NIS, organisations providing essential services must ensure their security is strong enough to protect their network and information systems from attackers. They must also notify authorities of significant incidents. A straightforward reporting system will be created so companies can easily report cyber breaches and IT failures, prompting a quick response to attacks.
These regulations are a major recognition for cloud computing and digital services. Once thought of as risky endeavours, they’re now considered ‘essentials’ in our daily lives. Some examples of businesses this will affect:
• Airlines, airports, air traffic control
• Local and national rail networks
• Road transport organisations
• Healthcare companies
• Suppliers and distributors of drinking water, electricity, gas
• Oil refineries and producers
If organisations decide not to embrace these rules, the penalties are steep. Fines could rise as high as £17 million – about $24 million – for businesses that don’t comply. These fines are a last resort, and according to regulations, “will not apply to operators which have assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack”.
The NIS directive also covers online marketplaces, search engines and cloud computing service providers. Though the inclusion of SaaS providers has been met with some resistance, the government says these providers play “an important role in the UK’s economy,” adding that “it is right that they are held responsible for ensuring the security of their network and information systems.”
The NIS directive will become part of UK law in May, alongside the updated GDPR regulations, and is part of a five-year £1.9 billion government cyber-protection programme. It’s a strong message that network and information systems provide critical support to daily activities, and organisations should treat them with the utmost care and guidance.
Living and working online has become ubiquitous – now organisations must ensure users can be as safe as possible when accessing this vital infrastructure of our daily lives.