Evelyn de Souza

Principles For Data Protection In The Cloud In 2016

Data Protection In The Cloud

2015 ushered in the start of a data economy. As organizations amass more detailed consumer profiles they have begun realizing that data could equal or surpass the value of the products and services they sell, especially in the Internet of Things era with its constant and very personal streams of data. Data breaches such as the Office of Personal Management and toymaker, VTech are indicative of increasing hactivist interest in more personal data and also of the growing value of that data.

hacker-cloud

At the same time the concept of cloud is changing. In our hyper connected era traditional backend clouds where the bulk of data processing takes place have been superseded by waves of cloud migration that are closer to where the data transaction is occurring. This allows for real-time data exchanges.  Additionally, the lines between SaaS, PaaS and IaaS are becoming blurred with hybrid models such as SaaS built upon PaaS.  With the confluence of a data economy, blurring of cloud models, and far more egregious data breaches I have outlined principles that Information Security Practitioners may want to consider as we move into 2016.

1. Bake standard data security profiles into a cloud brokerage platform that can be applied on as needed consumption basis.  This will more easily allow IT and InfoSec to keep pace with new instantiations by the business across the cloud-extended data center.

2. Place increasing importance on federated identity schemes with individuals having multiple devices across different cloud services.

3. Build a data brokerage to help calculate the value of data.  It’s the most effective way for business users to learn the value of the data they create, collect or handle.

Protect data according to the following domains:

data-protection

Data Classification

  • State data classification in business consumable terms if you want business users to own up to protecting data according to its business risk.
  • Leverage machine learning for dynamic data classification as data changes value over the course of its lifecycle.

Data Ownership

  • Where possible digitally tag or watermark data that is transacted, stored or processed with a cloud provider.  This minimizes confusion around data ownership and entitlement rights.

Data Protection and Lifecycle Management

  • Ensure policy management extends to access management at the various admin layers for the cloud provider as well as for the elements of the cloud stack you as an organization have control over.
  • Enable data owners to specify what actions users can take– read, write, copy, modify.
  • Ensure that data lifecycle management – creation, modification, retention, destruction is built into your policies.
  • Set encryption settings – key strength and key management parameters based on data sensitivity.
  • Continuously log all actions based on the context of who, what when and where.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW’s Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry’s first blueprint for making data protection “business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

CONTRIBUTORS

Have You Heard of AI Washing? Meet the Latest Case: An AI Washing Machine!

Have You Heard of AI Washing? Meet the Latest Case: An AI Washing Machine!

Have You Heard of AI Washing? AI (Artificial Intelligence) Washing is the current attempt to imbue the latest, coolest buzz ...
Legal Tech - How to Create Long-Term Growth for Your Practice

Legal Tech – How to Create Long-Term Growth for Your Practice

Legal Tech Your Practice Your law firm is a business. Like all businesses, growth and profitability is paramount. You want ...
Tesla is Worth More Than Ford or GM. Is this the Automakers iPhone Moment?

Tesla is Worth More Than Ford or GM. Is this the Automakers iPhone Moment?

The Automakers iPhone Moment Remember Blackberry? How about Nokia or Motorola? Vaguely you say. Will we one day state the ...
What Does The Transition To New Energy Teach Us About Cloud?

What Does The Transition To New Energy Teach Us About Cloud?

New Energy Shift CIOs report that private cloud is all the rage now. The Cisco’s of the world argue that ...
Future Data Scientists

Big Data: The Hot Commodity for Marketing in 2017 and Beyond?

Big Data: The Hot Commodity for Marketing Will the market for consumer data ever come to a breaking point? Let ...
Is There Still A Place For On-premise Migration Tools In The Cloud?

Is There Still A Place For On-premise Migration Tools In The Cloud?

On-premise Migration Tools With the popularity of cheap and convenient online migration tools, it’s hard to imagine why there would ...
Tips to Help You Get the Most Out of Big Data Analytics

Tips to Help You Get the Most Out of Big Data Analytics

Get the Most Out of Big Data Analytics The amount and type of data related companies continues to increase each ...
2017 Expected To Bring Cloud Service Price Hikes

2017 Expected To Bring Cloud Service Price Hikes

Cloud Service Price Hikes As the year comes to a close and there’s a new one on the way, people ...

NEWS

EU privacy regulators to discuss Uber hack next week

EU privacy regulators to discuss Uber hack next week

BRUSSELS (Reuters) - European Union privacy regulators will discuss ride-hailing app Uber’s [UBER.UL] massive data breach cover-up next week and ...
HPE CEO Whitman's surprise exit stumps Wall Street

HPE CEO Whitman’s surprise exit stumps Wall Street

(Reuters) - Shares of Hewlett Packard Enterprise Co (HPE.N) fell 6 percent on Wednesday after Chief Executive Officer Meg Whitman’s ...
Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

Cloud Security Alliance Issues New Code of Conduct for GDPR Compliance

EDINBURGH, Scotland, Nov. 21, 2017 /PRNewswire-USNewswire/ -- The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices ...

SPONSORS

Scale your Windows Azure application

Understanding The Importance Of A Flexible Hybrid Cloud Solution

Flexible Hybrid Cloud Solution The cloud computing revolution continues to gather pace, and more and more businesses are coming on-board ...
How Printers Help Hackers Hide In Plain Sight

How Printers Help Hackers Hide In Plain Sight

Printers and Hackers Spies and thieves often do their best work by hiding in plain sight. No one suspects the ...
Has Cybersecurity Become Too Reactive in this Day and Age?

Has Cybersecurity Become Too Reactive in this Day and Age?

Cybersecurity Too Reactive? Cybersecurity today has become far too reactive. The constant innovation of hackers has meant that defenses are ...