Dark side of cloud—How people and organizations are unable to adapt to improve the business

Dark side of cloud—How people and organizations are unable to adapt to improve the business

The next BriefingsDirect cloud deployment strategies interview explores how public cloud adoption is not reaching its potential due to outdated behaviors and persistent dissonance between what businesses can do and will do with cloud strengths. Many of our ongoing hybrid IT and cloud computing discussions focus on infrastructure trends that support the evolving hybrid
Part 2 - Identity Assurance by Our Own Volition and Memory

Part 2 – Identity Assurance by Our Own Volition and Memory

Identity Assurance We believe that the reliable identity assurance (See part 1) must be built on three prerequisite principles as follows. Volition of the User – with Self-Determination, Identity authentication with no confirmation of the user’s volition would lead to a world where criminals and

Prevent Data Leaks In The Cloud

More companies are turning to the cloud for storage. In fact, over 60 percent of organizations store sensitive information in the cloud, according to a recent Intel security survey. As a result, the risk of exposure through data leakage continues to increase, as well as the issue of cloud compliance.

How can enterprises ensure data remains secure amidst this rise of cloud computing? Below are some tips and best practices on how enterprises can stay compliant when using cloud storage and backup services.

  1. Classify data: Classifying high value, personally identifiable information (PII) is an important first step in knowing what an enterprise needs to protect. Classifying data such as dates of birth, social security numbers, and banking information allows access and security procedures to be increased based on the sensitivity of the data.
  1. Know where your data lives: As new regulations like the General Data Protection Regulation (GDPR) are rolled out, knowing the physical location of where enterprise data is stored will be critical to keeping data safe. It’s equally important to also know how to protect data once it leaves a device. Too much emphasis is placed on securing data at rest, and not enough on data in motion. As companies expand and operate in multiple countries, we should expect to see a rise in protecting data that’s on the move.
  1. Vet your vendors: As new data privacy regulations are implemented, enterprises must maintain continuous compliance. Gone are the days when compliance was a one-time exercise. Ensuring cloud vendor compliance will be particularly challenging for companies operating in multiple countries, as regulations vary from region to region. Companies need to stay on top of their vendors to ensure they not only disclose where data is stored but where it is processes also, they may not be the same, and businesses can no longer assume their data is safe or compliant when outsourcing to a service provider.
  1. Have an incident response plan in place: Regardless of industry — healthcare, government, education— it shouldn’t be a matter of preparing for the possibility of a cloud provider to fail in their responsibilities, but rather, the likelihood of one. By defining and implementing an incident response plan, enterprises can avoid a blame game and know who is ultimately responsible for remediating the problem from the get-go.
  1. Utilize Information Rights Management (IRM) technology: As criminals continue to target PII within corporate networks, IRM technology can be a critical tool for protecting data and maintaining compliance. This technology protects sensitive data by embedding encryption and user permissions directly into the file, instead of the systems around it. This ensures safety throughout the lifecycle of the document, both at rest and in motion and allows data to be protected in the event of a leak.
  1. Uphold a single ‘source of truth’: Whether you’re sharing data internally or externally, it’s important to maintain a single ‘source of truth’ by minimizing the number of copies shared through secure collaboration tools. This allows individuals to securely collaborate and prevent multiple copies from being distributed – reducing both the threat surface and the chance of data leak. Watermarking documents can also help an organization quickly track down the source of a data breach to minimize its effects.
  1. Encrypt data, no matter where it resides: Encrypt sensitive data 24×7, whether at rest or in motion. This isn’t a ‘nice to have’ technology; both PII and other sensitive information needs to be encrypted. Why? Encryption is your last defense against cybercriminals phishing for your privacy. When all other attempts at protecting data fail, encryption is every organization’s last hope to protect its most sensitive data from being an unwilling participant in the hacker’s game of breaches.
  1. Get smarter about passwords: By accessing just one single username or password, hackers can communicate with hundreds of others and appear credible. That gives them time to navigate within a company until they reach the target— the person who has administrative access to data. If cybercriminals get their hands on a CEO’s credentials, they can send out emails to the executive team telling them to take certain actions, all without the CEO ever having a clue. Knowing the consequences can help put into context the importance of protecting data.
  1. Set permissions: By setting user permissions on a need-to-know basis, companies could significantly reduce the chances of copying and pasting data (which can easily slip into the wrong document or email address). For example, if the IT team sets default permissions in a document-sharing platform as ‘editor’ rather than ‘viewer,’ a lot of sensitive data could slip through the cracks.
  1. Educate, educate, educate: Last, but not least, it’s crucial to spread awareness throughout the organization. Can your employees spot a phishing email? Are they still using spreadsheets to store password information? From employees to board members to vendors, there’s no such thing as too much education. The first step to preventing data leaks is knowing the potential consequences, as well as best practices, to prevent the spread of attack.

Apart from the fundamental and basic steps organizations need to follow to secure data (like network firewalls and endpoint protection tools), enterprises implementing the above best practices will prevent their chances of leaking highly sensitive data stored in the cloud.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

View Website

TOP ARCHIVES

A Smart Data Approach to Assurance in a Hybrid Cloud Environment

A Smart Data Approach to Assurance in a Hybrid Cloud Environment

Smart Data Approach Microsoft and Amazon both reported significant growth in their cloud businesses recently. Revenue for Microsoft’s Azure increased ...
Why should SMEs embrace Cloud ERP solutions?

Why should SMEs embrace Cloud ERP solutions?

SMEs & ERP Solutions Remaining competitive in the market is the primary goal of every business. For SMEs, moving to ...
The Current Wave of Smart Home Technology

The Current Wave of Smart Home Technology

The Future of Smart Home Technology Some say the vision of smart homes kicked off with the invention of household ...
Aruna Cisco

66% Say They’d Switch Vendors in Order to Get an Intelligent Online Meeting Solution

People are getting frustrated with online and video meetings. In fact, according to a recent survey, 85% say they are ...
Why Accept the Hype? Time to Transform How We Approach Emerging Technology

Why Accept the Hype? Time to Transform How We Approach Emerging Technology

Time to Transform How We Approach Emerging Technology It’s like a rite of passage – a new technology pops onto ...
The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, competitors and even foreign governments. Every day, we hear about how another retailer, bank or Internet company has been hacked ...
Worldwide Spending on Augmented and Virtual Reality Expected to Surpass $20 Billion in 2019, According to IDC

Worldwide Spending on Augmented and Virtual Reality Expected to Surpass $20 Billion in 2019, According to IDC

FRAMINGHAM, Mass., December 6, 2018 – Worldwide spending on augmented reality and virtual reality (AR/VR) is forecast to be nearly $20.4 billion in 2019, an increase of 68.8% over the $12.1 billion International Data Corporation (IDC) expects will be spent this ...

CLOUD PROGRAMS

Microsoft Professional Program in Cybersecurity

Microsoft Professional Program in Cybersecurity

As the number of cyberthreats continues to increase, the demand for skilled cyber professionals is also growing. Become knowledgeable on the wide set of skills that will allow you to start or grow a cybersecurity career. Protect. Describe the current threat ...

$990.00Learn More

CISSP® Exam Prep Course

CISSP® Exam Prep Course

The CISSP® Exam Prep Course prepares test-takers for the Certified Information Systems Security Professional exam, as administered by the International Information System Security Certification Consortium (ISC)2. The CISSP® certification is recognized worldwide and adheres to the strict standards of ISO/IEC ...

$549.00Enroll Now

Cloud Community Supporters

(ISC)²
AWS
HPE
CA Technologies
Cisco

Cloud community support comes from sponsorship, service opportunities and collaborative network partnership initiatives.