In 2017, Intel Security released the results of a study on trust in cloud environments. Of the 2,000 IT professionals surveyed, those who trust public cloud services outnumbered those who distrust them by more than two to one. As a result of this increased trust, more organizations are storing sensitive data in the public cloud. More than 60 percent of survey respondents said their organization is using the public cloud to store the personal information of customers.
While it’s true that the public cloud is often more secure than on-premises infrastructure, placing sensitive data there creates a number of risks:
- The data could be accessed by many people. Because cloud services are easy to procure, “shadow IT” is a large and growing problem. The Intel Security survey found that almost 40 percent of cloud services were commissioned without the involvement of IT, and IT has visibility into just 47 percent of these shadow services. As a result, 65 percent of IT professionals think shadow IT hampers their ability to keep cloud data secure.
- The data could be altered, deleted or moved without the organization’s knowledge. In other words, organizations lack the ability to monitor the status of sensitive data in the cloud to ensure its integrity and security.
- The data could be physically located almost anywhere in the world. One of the principles of cloud computing is location independence — the customer generally has limited knowledge of or control over the exact location of the cloud resources. This can create legal and compliance risks for organizations subject to regulations that have strict data residency requirements.
The concept of secure data access provides organizations with a framework for protecting their sensitive data in the cloud. As the name implies, secure data access is concerned with both securing data and ensuring that legitimate users have appropriate access to that data. It applies to any IT environment but has become especially relevant as organizations adopt more public cloud services.
Secure data access is not a technology per se but a risk management and mitigation strategy for information security. In the cloud context, it involves a proactive approach to security as opposed to reacting to a data breach or failed security audit.
Visibility is a critical component of secure data access. Organizations need tools that can discover shadow IT services and monitor data traffic moving to and from the cloud. Cloud access security brokers (CASBs) can help IT teams determine which cloud services employees are using and what enterprise data they’re storing, accessing and sharing in the cloud.
Robust authentication is also essential. Most cyberattacks involve compromised user credentials, particularly those for privileged administrator accounts. Organizations should follow authentication best practices, such as requiring strong passwords and implementing multifactor authentication wherever possible.
Encryption and data loss prevention can provide tighter control over sensitive data. Organizations should implement policy-based tools that automatically protect sensitive data at rest and in motion throughout the extended IT environment.
Cybercriminals always look for the weakest defense — that’s why sensitive data stored in the public cloud is an attractive target. The Technologent team can help you develop a layered defense that gives you greater visibility and enables you to extend security controls into the public cloud.
August 21, 2018