Data Wave in the Cloud: Reconsidering Cloud Security

DZone 's Guide to

Data Wave in the Cloud: Reconsidering Cloud Security

It's time we reevaluate data and cloud security.

· Security Zone ·
Free Resource

When organizations originally started to move data to the cloud in a meaningful way, the security conversation usually centered around one tactic – access. After all, if you could ensure that only the right people had access to a particular cloud, your data would be safe, right? Not quite.

As we continue to see an increase in data breaches impacting data stored in the cloud, it’s clear that access, in and of itself, isn’t the silver bullet solution. If bad actors want to get your data, they will find a way — they study each new access control technology until they find its vulnerability. Continuing to simply apply another control that hackers will again unlock is a never-ending, no-win prospect — and not cost-effective. In fact, though organizations pour more money into data security, breaches continue to increase.

The reality is that companies need to continuously adapt their cloud security strategy to their current reality, which is unique to each organization. This often means businesses need to start protecting their data at the asset level as it’s constantly in motion from the time it’s created to when it’s posted online, stored on a network server, moved to the cloud, and emailed to colleagues. The emerging strategy isn’t necessarily new, but it is unique to look at protecting the data at the asset level.

The challenge is that most businesses are now in reactive mode as they reconsider cloud security — and when you’re talking about data, which is, unarguably, an organization’s greatest asset, reactivity poses a great risk.

Let’s Talk About Data

As many of you know, when the discussion turns to data, it focuses on two major categories: structured and unstructured. Structured data typically resides in a fixed field within a record or file. This includes data contained in relational databases and spreadsheets. Because of the way it is organized, it can be easily entered, stored, queried and analyzed. This is the type of data used in big data analytics and internet-of-things (IoT) technologies. This structured data is often better moved to the cloud as it usually doesn’t require as much additional context as unstructured data.

When I say organizations need to rethink their cloud security strategies, it’s unstructured data I’m most concerned with and understanding this data can get a little … well, cloudy. This data is difficult to find and track and also difficult to categorize. It’s highly contextual information that’s often contained in the body of email messages and documents created at every level of an organization. It's detailed in the notes of a PowerPoint slide that’s shared around a team, it’s HR paperwork, and on and on. It’s not easy to simply pluck out and protect. At the same time, some of this data residing within a company’s vast number of emails and files that are created and sent around the globe on a daily basis is highly sensitive.

But protecting this data is not straightforward. Before you can ensure its safety, you must identify it and determine what level of protection it needs. Context is critical when it comes to understanding the sensitivity level of unstructured data, and often the best person to discern this is the person who created the document or email or file.

Cloud Security Revamp

Once an organization understands what data they have and what truly needs to reside in the cloud, cloud security can take a three-pronged approach, using the following technologies:

  • Cloud access security broker (CASB) technologies to control or block public cloud access and to enable a private cloud with appropriate access rights.
  • Encryption technologies to protect data as it moves to and from the cloud, between clouds, and also as it is sent an email outside of organization walls.
  • Intelligent identity and categorization tools that make use of machine learning to identify data as it is created, used and stored, and to help refine its sensitivity level through context setting and customization.

These three security arms must work in concert to bring the most comprehensive protection to an organization’s data. And the process is ongoing — especially when it comes to identifying and categorizing unstructured data that is contained in difficult to find places.

Why So Much Fuss About Cloud Security?

Well, as I said before, our most critical data is constantly moving in and out of the cloud. And that data offers more than simply information to fuel future revenues — it’s fast becoming necessary to our core business operations. Plus, with all the great innovations around artificial intelligence (AI) and machine learning to help increase the value of our data, it’s more important than ever that we find more effective ways to protect it. Security needs to be built right into the data itself.

Data is the next business paradigm shift. And the wave is just beginning to crest.

access, cloud, cloud access security brokers, data, data security, security breach

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}