How to Stop Worrying and Love the Rise of the Machines!

How to Stop Worrying and Love the Rise of the Machines!

Love the Rise of the Machines! Announcing a new blog: “Leveraging the Engines of the Digital”. Are you overwhelmed by all the buzzwords, studies and new apps? Here’s an invitation to become more digitally fluent and navigate this new world. Read on! It’s late and
Advanced Analytics & Artificial Intelligence: What Every Executive Needs to Know

Advanced Analytics & Artificial Intelligence: What Every Executive Needs to Know

The focus of this year’s Enaxis Leadership Forum was “Developing Digital Capability”. The event saw business and technology leaders from more than 40 Fortune 500 organizations across diverse industries come together for a meeting of the minds and to share their own experiences with going

CONTRIBUTORS

The Unintended – and Intended – Consequences of Cloud Data Sovereignty

The Unintended – and Intended – Consequences of Cloud Data Sovereignty

Cloud Data Sovereignty It seems that everything has unintended consequences – whether positive or negative. Intended consequences are those that ...
Winning the data intelligence game

Winning the data intelligence game

Data intelligence A case can be made that every company is now a data company. But, it is the effective ...
Marty Puranik

HIPAA Risk Assessment Guide for Smaller Practices

HIPAA Risk Assessment Guide Disconcertingly, one in four practices (25%) are failing meaningful use audits by the Centers for Medicare ...

RECENT NEWS

Pressure grows on Zuckerberg to attend Facebook committee hearing

Pressure grows on Zuckerberg to attend Facebook committee hearing

Australia, Argentina and Ireland join UK and Canada in urging Facebook CEO to give evidence to parliaments Parliamentary committees from ...
Alibaba's on-demand online services unit valued at $30 billion: sources

Alibaba’s on-demand online services unit valued at $30 billion: sources

HONG KONG (Reuters) - Alibaba Group’s newly formed on-demand online services unit has rocketed in value to as much as ...
Oracle Cloud Unveils New HPC Offerings to Support Mission Critical Workloads

Oracle Cloud Unveils New HPC Offerings to Support Mission Critical Workloads

Oracle Cloud Unveils New HPC Offering Oracle now provides a complete set of solutions for any high performance computing workload, ...
Amazon picks New York City, Virginia for $5 billion new headquarters

Amazon picks New York City, Virginia for $5 billion new headquarters

SAN FRANCISCO (Reuters) - Amazon.com Inc (AMZN.O) said on Tuesday it will build offices for up to 25,000 people in ...
The New Industrial Revolution – According to the WSJ

The New Industrial Revolution – According to the WSJ

The insert in today’s US print edition of the Wall Street Journal is called The New Industrial Revolution. The paper updates ...
Daren Glenister

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud

More companies are turning to the cloud for storage. In fact, over 60 percent of organizations store sensitive information in the cloud, according to a recent Intel security survey. As a result, the risk of exposure through data leakage continues to increase, as well as the issue of cloud compliance.

How can enterprises ensure data remains secure amidst this rise of cloud computing? Below are some tips and best practices on how enterprises can stay compliant when using cloud storage and backup services.

  1. Classify data: Classifying high value, personally identifiable information (PII) is an important first step in knowing what an enterprise needs to protect. Classifying data such as dates of birth, social security numbers, and banking information allows access and security procedures to be increased based on the sensitivity of the data.
  1. Know where your data lives: As new regulations like the General Data Protection Regulation (GDPR) are rolled out, knowing the physical location of where enterprise data is stored will be critical to keeping data safe. It’s equally important to also know how to protect data once it leaves a device. Too much emphasis is placed on securing data at rest, and not enough on data in motion. As companies expand and operate in multiple countries, we should expect to see a rise in protecting data that’s on the move.
  1. Vet your vendors: As new data privacy regulations are implemented, enterprises must maintain continuous compliance. Gone are the days when compliance was a one-time exercise. Ensuring cloud vendor compliance will be particularly challenging for companies operating in multiple countries, as regulations vary from region to region. Companies need to stay on top of their vendors to ensure they not only disclose where data is stored but where it is processes also, they may not be the same, and businesses can no longer assume their data is safe or compliant when outsourcing to a service provider.
  1. Have an incident response plan in place: Regardless of industry — healthcare, government, education— it shouldn’t be a matter of preparing for the possibility of a cloud provider to fail in their responsibilities, but rather, the likelihood of one. By defining and implementing an incident response plan, enterprises can avoid a blame game and know who is ultimately responsible for remediating the problem from the get-go.
  1. Utilize Information Rights Management (IRM) technology: As criminals continue to target PII within corporate networks, IRM technology can be a critical tool for protecting data and maintaining compliance. This technology protects sensitive data by embedding encryption and user permissions directly into the file, instead of the systems around it. This ensures safety throughout the lifecycle of the document, both at rest and in motion and allows data to be protected in the event of a leak.
  1. Uphold a single ‘source of truth’: Whether you’re sharing data internally or externally, it’s important to maintain a single ‘source of truth’ by minimizing the number of copies shared through secure collaboration tools. This allows individuals to securely collaborate and prevent multiple copies from being distributed – reducing both the threat surface and the chance of data leak. Watermarking documents can also help an organization quickly track down the source of a data breach to minimize its effects.
  1. Encrypt data, no matter where it resides: Encrypt sensitive data 24×7, whether at rest or in motion. This isn’t a ‘nice to have’ technology; both PII and other sensitive information needs to be encrypted. Why? Encryption is your last defense against cybercriminals phishing for your privacy. When all other attempts at protecting data fail, encryption is every organization’s last hope to protect its most sensitive data from being an unwilling participant in the hacker’s game of breaches.
  1. Get smarter about passwords: By accessing just one single username or password, hackers can communicate with hundreds of others and appear credible. That gives them time to navigate within a company until they reach the target— the person who has administrative access to data. If cybercriminals get their hands on a CEO’s credentials, they can send out emails to the executive team telling them to take certain actions, all without the CEO ever having a clue. Knowing the consequences can help put into context the importance of protecting data.
  1. Set permissions: By setting user permissions on a need-to-know basis, companies could significantly reduce the chances of copying and pasting data (which can easily slip into the wrong document or email address). For example, if the IT team sets default permissions in a document-sharing platform as ‘editor’ rather than ‘viewer,’ a lot of sensitive data could slip through the cracks.
  1. Educate, educate, educate: Last, but not least, it’s crucial to spread awareness throughout the organization. Can your employees spot a phishing email? Are they still using spreadsheets to store password information? From employees to board members to vendors, there’s no such thing as too much education. The first step to preventing data leaks is knowing the potential consequences, as well as best practices, to prevent the spread of attack.

Apart from the fundamental and basic steps organizations need to follow to secure data (like network firewalls and endpoint protection tools), enterprises implementing the above best practices will prevent their chances of leaking highly sensitive data stored in the cloud.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

View Website

Cloud Community Supporters

(ISC)²
Cisco
SAP
CA Technologies
Dropbox

Cloud community support comes from (paid) sponsorship or (no cost) collaborative network partnership initiatives.