Security Controls and Automation: Protecting Sensitive Data in the Cloud
Read Our Post
Profits are built on data. Data lives in the cloud. Cloud data security is still an unsolved problem.
In the age of the digital economy, data generation, collection, analysis, operationalization, and sharing have become core to profitability for B2B and B2C businesses alike. The average employee has access to 10.8M files at any given time. While some of that information is critical to business functions, there's a high likelihood that sensitive data exists within the millions of files, even if employees don't need it for their roles. Organizations with the best intentions do not have complete visibility into where the data lives or its use throughout business operations. The issue is exasperated with the adoption of cloud platforms. Influenced by a pandemic, lower costs, more innovation, and better accessibility, public clouds have become key to business infrastructure, with 71% of organizations using public clouds, according to the State of Cloud Security from Cloud Security Alliance.
So if profits are built on data and data lives in the cloud; why haven't organizations figured out cloud data security?
The gaps between tools are wide
Organizations leverage several tools to protect data, from access control management tools that limit and restrict access to specific data sets to data loss prevention that alert when data is about to leave the organization. Unfortunately, access control management tools don't prevent threat actors from compromising legitimate credentials to access sensitive data, and DLPs alert when the damage is already done. The security controls in-between access management and DLP generate large quantities of alerts that range from benign signals to actual malicious activity. As a result, data and security teams are at a disadvantage with the existing tools at their disposal.
Mitigation through the power of high-fidelity detection
The risk of hosting data in cloud platforms and applications can be mitigated through the use of strategic tools that focus on detecting new data stores and misconfigurations, classifying and tracking sensitive data, and enforcing data governance. Cloud Security Alliance (CSA) reports that organizations are looking for security tools that can supplement internal talent. Specifically, organizations want tools that can provide visibility across multi-cloud and on-prem environments, proactively detect misconfigurations, ease on-prem to cloud migrations, among other things.
Immediate Efforts
For the security team that can dedicate resources, that may mean using existing tools to align with MITRE's mitigation methods aimed to reduce the impact of targeted attacks:
- Auditing permission on cloud storage to ensure proper permissions are allocated or denied
- Encrypting data at rest, rotating encryption keys, and having an incident response plan
- Filtering network traffic by using IP-based restrictions or IP allowlisting
- Multi-factor authentication to restrict access to resources and cloud storage APIs
- Restricting file and directory permissions through access control lists for storage systems and objects
- User account management to permission cloud storage access by groups and roles
Long-term Planning
For organizations that need to supplement skilled teams and streamline mitigation through a comprehensive platform, Dasera is here to help.
With Dasera, customers can:
- Discover & classify sensitive data within 1 day
- Detect new data stores as they're created
- Mitigate the risk of over-privileged data access
- Investigate data usage to uncover misuse
- Report on your compliance and regulatory posture in real-time
Gain full visibility and control over your cloud data stores; try Dasera free for 30-days.
