How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud

Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more complicated across public cloud models where there is shared ownership. As key business stakeholders in your company can you attest to who has access to your data in the public cloud models you use and most importantly that your customer’s data has not been tampered with, corrupted, or leaked?

The New Data Economy

data-economy

We are moving towards a data economy, where data is a core component of the value of the service or product that is delivered to the customer. In our hyper-connected world data streams are becoming far more personal and intimate than previously. Consider a connected bathroom scale where weight loss or gain patterns might be transmitted from a scale to a backend cloud and where as part of the product, customers have the ability to study their weight patterns over periods of time.

Despite a widespread recognition in the industry of the value and importance of customer data, we live in a perpetual state of data insecurity. It’s not only about the high profile data breaches but it’s also about minimizing accidental risk vectors. In the cloud well intentioned employees who don’t consider the ramifications of oversharing on social media sites, or who accidentally drag and drop sensitive documents from their desktops into email or who upload regulated data into insecure file shares to avoid corporate security measures may be your organization’s biggest risk vector.

Internal Data Marketplace

data-marketplace

At the CloudExpo Asia conference last week I referred to the sliver lining in the data insecurity issue. The effects of data loss, misuse and leakage are driving a very necessary change across the business landscape and executives are beginning to get educated on data security issues.

Following are three key steps I recommend to executives as they look to beef up their data security programs with a lens on public cloud

1. Build an internal data marketplace: Organizations need to know the value of their data in order to make the right decisions about whether to host or transact their data in a particular cloud model, and thereafter how to protect it. To calculate the value of data, build an internal marketplace with user entitlements and access controls mapped accordingly. This encourages business users to treat data as part of the business P&L.

2. Learn from your data insecurity history: Organizations have a tendency to want to bury the past especially when it hasn’t been stellar. However, knowing how data has been used and abused in the past is an indicator of how it might be compromised and disclosed in the future. Studying loss trends over time can help organizations forecast future losses and improve prevention and mitigation strategies.

3. Make data protection business-consumable: This is a recurring theme in my writings. As business leaders rush to adopt new cloud applications security needs to partner much more strategically. The way that security classifies and treats data has to align to business and usage contexts. It’s protecting data, transactions and workstreams versus focusing only on building secure and compliant infrastructures that will help organizations win and retain customer trust in the long run.

(Image Source: Shutterstock)

By Evelyn de Souza

About Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

View All Articles

Sorry, comments are closed for this post.

Comics
Beacons Flopped, But They’re About to Flourish in the Future

Beacons Flopped, But They’re About to Flourish in the Future

Cloud Beacons Flying High When Apple debuted cloud beacons in 2013, analysts predicted 250 million devices capable of serving as iBeacons would be found in the wild within weeks. A few months later, estimates put the figure at just 64,000, with 15 percent confined to Apple stores. Beacons didn’t proliferate as expected, but a few…

How The CFAA Ruling Affects Individuals And Password-Sharing

How The CFAA Ruling Affects Individuals And Password-Sharing

Individuals and Password-Sharing With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone. As soon as computers became popular, the federal government…

Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and more popular, it is worth…

Data Breaches: Incident Response Planning – Part 1

Data Breaches: Incident Response Planning – Part 1

Incident Response Planning – Part 1 The topic of cybersecurity has become part of the boardroom agendas in the last couple of years, and not surprisingly — these days, it’s almost impossible to read news headlines without noticing yet another story about a data breach. As cybersecurity shifts from being a strictly IT issue to…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

The Cloud Is Not Enough! Why Businesses Need Hybrid Solutions

Why Businesses Need Hybrid Solutions Running a cloud server is no longer the novel trend it once was. Now, the cloud is a necessary data tier that allows employees to access vital company data and maintain productivity from anywhere in the world. But it isn’t a perfect system — security and performance issues can quickly…

Is Machine Learning Making Your Data Scientists Obsolete?

Is Machine Learning Making Your Data Scientists Obsolete?

Machine Learning and Data Scientists In a recent study, almost all the businesses surveyed stated that big data analytics were fundamental to their business strategies. Although the field of computer and information research scientists is growing faster than any other occupation, the increasing applicability of data science across business sectors is leading to an exponential…

The Fully Aware, Hybrid-Cloud Approach

The Fully Aware, Hybrid-Cloud Approach

Hybrid-Cloud Approach For over 20 years, organizations have been attempting to secure their networks and protect their data. However, have any of their efforts really improved security? Today we hear journalists and industry experts talk about the erosion of the perimeter. Some say it’s squishy, others say it’s spongy, and yet another claims it crunchy.…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…