10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud

More companies are turning to the cloud for storage. In fact, over 60 percent of organizations store sensitive information in the cloud, according to a recent Intel security survey. As a result, the risk of exposure through data leakage continues to increase, as well as the issue of cloud compliance.

How can enterprises ensure data remains secure amidst this rise of cloud computing? Below are some tips and best practices on how enterprises can stay compliant when using cloud storage and backup services.

  1. Classify data: Classifying high value, personally identifiable information (PII) is an important first step in knowing what an enterprise needs to protect. Classifying data such as dates of birth, social security numbers, and banking information allows access and security procedures to be increased based on the sensitivity of the data.
  1. Know where your data lives: As new regulations like the General Data Protection Regulation (GDPR) are rolled out, knowing the physical location of where enterprise data is stored will be critical to keeping data safe. It’s equally important to also know how to protect data once it leaves a device. Too much emphasis is placed on securing data at rest, and not enough on data in motion. As companies expand and operate in multiple countries, we should expect to see a rise in protecting data that’s on the move.
  1. Vet your vendors: As new data privacy regulations are implemented, enterprises must maintain continuous compliance. Gone are the days when compliance was a one-time exercise. Ensuring cloud vendor compliance will be particularly challenging for companies operating in multiple countries, as regulations vary from region to region. Companies need to stay on top of their vendors to ensure they not only disclose where data is stored but where it is processes also, they may not be the same, and businesses can no longer assume their data is safe or compliant when outsourcing to a service provider.
  1. Have an incident response plan in place: Regardless of industry — healthcare, government, education— it shouldn’t be a matter of preparing for the possibility of a cloud provider to fail in their responsibilities, but rather, the likelihood of one. By defining and implementing an incident response plan, enterprises can avoid a blame game and know who is ultimately responsible for remediating the problem from the get-go.
  1. Utilize Information Rights Management (IRM) technology: As criminals continue to target PII within corporate networks, IRM technology can be a critical tool for protecting data and maintaining compliance. This technology protects sensitive data by embedding encryption and user permissions directly into the file, instead of the systems around it. This ensures safety throughout the lifecycle of the document, both at rest and in motion and allows data to be protected in the event of a leak.
  1. Uphold a single ‘source of truth’: Whether you’re sharing data internally or externally, it’s important to maintain a single ‘source of truth’ by minimizing the number of copies shared through secure collaboration tools. This allows individuals to securely collaborate and prevent multiple copies from being distributed – reducing both the threat surface and the chance of data leak. Watermarking documents can also help an organization quickly track down the source of a data breach to minimize its effects.
  1. Encrypt data, no matter where it resides: Encrypt sensitive data 24×7, whether at rest or in motion. This isn’t a ‘nice to have’ technology; both PII and other sensitive information needs to be encrypted. Why? Encryption is your last defense against cybercriminals phishing for your privacy. When all other attempts at protecting data fail, encryption is every organization’s last hope to protect its most sensitive data from being an unwilling participant in the hacker’s game of breaches.
  1. Get smarter about passwords: By accessing just one single username or password, hackers can communicate with hundreds of others and appear credible. That gives them time to navigate within a company until they reach the target— the person who has administrative access to data. If cybercriminals get their hands on a CEO’s credentials, they can send out emails to the executive team telling them to take certain actions, all without the CEO ever having a clue. Knowing the consequences can help put into context the importance of protecting data.
  1. Set permissions: By setting user permissions on a need-to-know basis, companies could significantly reduce the chances of copying and pasting data (which can easily slip into the wrong document or email address). For example, if the IT team sets default permissions in a document-sharing platform as ‘editor’ rather than ‘viewer,’ a lot of sensitive data could slip through the cracks.
  1. Educate, educate, educate: Last, but not least, it’s crucial to spread awareness throughout the organization. Can your employees spot a phishing email? Are they still using spreadsheets to store password information? From employees to board members to vendors, there’s no such thing as too much education. The first step to preventing data leaks is knowing the potential consequences, as well as best practices, to prevent the spread of attack.

Apart from the fundamental and basic steps organizations need to follow to secure data (like network firewalls and endpoint protection tools), enterprises implementing the above best practices will prevent their chances of leaking highly sensitive data stored in the cloud.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Synchronoss. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

View Website
Using Cloud Analytics To Improve Customer Experience

Using Cloud Analytics To Improve Customer Experience

Evolution of Cloud Analytics Moving data to the cloud, once considered a strenuous task, has now become commonplace in most ...
10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud More companies are turning to the cloud for storage. In fact, over 60 percent ...
International Data Privacy Laws: Consistently Inconsistent

International Data Privacy Laws: Consistently Inconsistent

International Data Privacy Laws Many multinational enterprises are faced with a plethora of restrictions and regulations both in their home ...
Turn to the Cloud as Part of Your Data Breach Strategy

Turn to the Cloud as Part of Your Data Breach Strategy

Data Breach Strategy The latest Verizon Data Breach Investigations Report is out, and the verdict is in: data breaches are ...
Countdown to GDPR: Preparing for Global Data Privacy Reform

Countdown to GDPR: Preparing for Global Data Privacy Reform

Preparing for Global Data Privacy Reform Multinational businesses who aren’t up to speed on the regulatory requirements of the European ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
RSA Conference: FUD-free or filled?

RSA Conference: FUD-free or filled?

IoT 15 Billion Units By 2021 At the annual RSA conference, there were plenty of discussions and presentations on the ...
Safeguarding Data When Employees Leave The Company

Safeguarding Data When Employees Leave The Company

Safeguarding Data Employee turnover is unavoidable. According to CompData Consulting, the average employee turnover rate in 2015 in the US ...
What’s Next In Cloud And Data Security For 2017?

What’s Next In Cloud And Data Security For 2017?

Cloud and Data Security It has been a tumultuous year in data privacy to say the least – we’ve had ...
Lessons for Corporate Board Members from the Colin Powell E-mail Hack

Lessons for Corporate Board Members from the Colin Powell E-mail Hack

Corporate Board Member Security It’s every company’s worst nightmare: waking up to find your confidential company information plastered across The ...