
Top five data security principles to follow when moving to the cloud


In the wake of the Covid-19 pandemic, digital transformation has become essential for enterprises forced to adapt to new working conditions. Many organizations had already started their digital journey at the beginning of last year, but the global epidemic certainly accelerated things. In fact, research has shown that eight out of ten organizations fast-tracked their journey to digital transformation, compressing a process that would normally take years into just a few months. Chief among the technologies involved is cloud technology, which has become indispensable to the modern enterprise. Indeed, according to Gartner, Inc., worldwide end-user spending on public cloud services is forecast to grow 18.4 percent in 2021 to a total of $304.9 billion, up from $257.5 billion in 2020. It is only natural that businesses will gravitate to this technology to reap its many advantages, which include cost savings, efficiency, scalability, performance, and flexibility.

Still, whether your enterprise is using private cloud services, public services, or a hybrid approach, protecting the data that resides within cloud infrastructures is essential. While cloud service providers have security parameters built in, numerous security risks are still involved that you should understand to avoid potential exposures.

Cloud does come with risk

Whenever you adopt new technology, you must also account for new risks. Migrating to the cloud is certainly no exception. With online connectivity required to access cloud services, a chance always exists that cybercriminals will target this environment, particularly if it contains highly sensitive information. Highly sensitive equals highly valuable to cybercriminals. It also means increased risk for you.

Security is therefore required to mitigate the risk of data loss through inadvertent exposures, security misconfigurations, and even cyberattacks that use common methods such as malware infections. Securing data also addresses compliance requirements for the many data protection regulations that have emerged, such as GDPR, CCPA, and HIPAA.

Know who is responsible

The enterprise itself is ultimately responsible for its own data security when it deploys information in its cloud services. Let’s be clear: you are the data caretakers, guardians and protectors of highly sensitive data. If your organization and cloud provider are following a shared responsibility model, then you must work together to configure the security controls to the enterprise's specifications and requirements. Typically, these responsibilities are addressed within the cloud provider’s service-level agreements. However, as the data owner, you must invest a lot of trust in the cloud provider that the systems are being adequately protected. If you overlook security, then you may encounter severe problems, as data privacy and security regulations and even some industry standards require you to always secure your customers' personal and sensitive data.

Implement the right tools and the right people

Many businesses have legacy data security technologies already in place for on-premises environments, but these security mechanisms are not fit for purpose for modern cloud architectures. Modern cloud infrastructures require enhanced capabilities to meet the high demands of data protection and to counter the vast array of threats. Therefore, a new approach to security is required, one that provides visibility into the location of enterprise data and also protects that data throughout the entirety of its lifecycle, from data creation through to its ultimate destruction. The ideal strategy would be data-centric security, which travels with the data even if that data moves outside a protected perimeter and only de-protects it when absolutely necessary within a highly controlled environment.

Additionally, business leaders must acknowledge that a data security expert may not necessarily be a cloud expert. Cloud environments are often complex and require a deeper understanding of the technology, processes, and systems that make up these architectures.

Ensure data is still usable

Data is the most valuable asset for businesses and is often touted as the “new gold” of the organization. When used responsibly and sustainably, it can be analyzed to make business decisions, plan forward strategies, and gain valuable insights on customer behavior. It is therefore not uncommon for enterprises to hold troves of cloud databases filled with such information.

However, it is only beneficial if that information is usable to conduct the necessary analytics. This presents a hurdle for most businesses, as traditional data security solutions do not offer the capabilities to conduct analytics without de-protecting the sensitive information first. The ideal method to protect sensitive data in the cloud, one which also facilitates analysis, is tokenization, because it not only keeps the integrity and the properties of the data intact but also reduces any risk of data exposure.
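As an added illustration of the tokenization point above (not code from the article or from any vendor product): a simplified vault-based tokenizer that is deterministic and keeps the format and last four digits of a card number, so spending can be totalled per card on tokens alone. The class and function names, the key and the sample records are assumptions constructed for this example; production systems use vetted tokenization or format-preserving encryption rather than this digit mapping.

```python
import hmac
from collections import defaultdict

class TokenVault:
    """Illustrative vault tokenizer: same input -> same token, format kept."""
    def __init__(self, key: bytes):
        self._key = key
        self._token_for = {}  # clear value -> token
        self._value_for = {}  # token -> clear value (the protected vault)

    def tokenize(self, value: str, keep_last: int = 4) -> str:
        if value in self._token_for:
            return self._token_for[value]
        positions = [i for i, ch in enumerate(value) if ch.isdigit()]
        replace = positions[:-keep_last] if keep_last else positions
        if not 0 < len(replace) <= 32:
            raise ValueError("expected 1..32 digits to replace")
        counter = 0
        while True:
            mac = hmac.digest(self._key, f"{counter}:{value}".encode(), "sha256")
            chars = list(value)
            for pos, byte in zip(replace, mac):
                chars[pos] = str(byte % 10)  # slightly biased; demo only
            token = "".join(chars)
            if token != value and token not in self._value_for:
                break
            counter += 1  # collision: derive a different candidate
        self._token_for[value] = token
        self._value_for[token] = value
        return token

    def detokenize(self, token: str, authorized: bool) -> str:
        if not authorized:
            raise PermissionError("detokenization requires authorization")
        return self._value_for[token]

def spend_by_card(rows):
    """Aggregate on tokens only; clear card numbers are never needed."""
    totals = defaultdict(int)
    for card_token, cents in rows:
        totals[card_token] += cents
    return dict(totals)

# Constructed sample data: well-known test card numbers, amounts in cents.
vault = TokenVault(key=b"demo-key-not-for-production")
purchases = [("4111-1111-1111-1111", 2500), ("5500-0000-0000-0004", 990),
             ("4111-1111-1111-1111", 1200)]
tokenized = [(vault.tokenize(pan), cents) for pan, cents in purchases]
totals = spend_by_card(tokenized)
```

Only the vault holds the mapping back to the clear value, so the analytics side can group and join on tokens while detokenization stays behind an explicit authorization check.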

Tackle data security from the beginning

By taking complete control of data security from the outset, your enterprise can dictate where, and how, sensitive information is protected, which will lower compliance costs and significantly reduce the risk of data breaches. Those within the security industry have regularly touted the need for a proactive stance when addressing such threats, and this certainly applies when migrating to cloud environments. Cloud technology has many benefits and will continue to develop into an integral business enabler, but where you find powerful technology you will also find risk. If you do not address data security from the beginning, more (and more damaging) cloud exposures can and probably will occur given enough time.

Migrating to the cloud should not be a rushed process and time should be taken to address all key data security obligations. With a clear plan, and with data-centric security at the heart of the overall security strategy, enterprises will obtain the true benefits the cloud has to offer.

Trevor Morgan, product manager, comforte AG

Trevor J. Morgan is responsible for product management at comforte AG, where he is dedicated to developing and bringing to market enterprise data protection solutions that meet ever increasing risk and compliance requirements.