Avoid Getting Rained On: Keep Your Data Secure in Your Cloud

As we finally move on from the cold grips of winter to the (hopefully) warmer weather of spring, I’ve been out visiting with CISOs, IT Directors, and CSOs in an effort to find out what their key initiatives are going to be in 2019. Some things (like block chain) seem to have started to drop off the radar, as something does every year. Not surprisingly, data security and privacy are a hot item again – one only needs to quickly scan their daily newsfeed to find evidence of why. The realization and use of data analytics for customer insights was of course still en vogue. One that surprised me though was “the cloud” – that is, journeying from on-prem to hybrid or fully cloud-based resources – as I expected it would be lower on the list given that we’ve all been moving to the cloud for the last 10+ years.

It wasn’t until I stepped outside later that afternoon in Ft. Myers that it literally hit me on the head – the skies opened up and I was drenched in a passing spring shower while en route to catch some Red Sox Spring Training action. Perhaps I should use my bag as an umbrella more often because while running between the drops it occurred to me that it wasn’t really separate items, it was actually one: secure data analytics in the cloud. Data analytics projects get stopped all the time due to security concerns and security concerns have always been an issue with cloud adoption, so as the trend goes towards having analytics and therefore PII and other sensitive data in the cloud, it seems the problems of old are becoming new again. Basically, no one wants their data leaking down and out of their cloud any more than my literal drenching in SW Florida.

One of the key challenges in moving data analytics projects to the cloud is security. We need to use our data and we need to share our data, so we think about the cloud because it’s really ideal for those purposes and now there are lots of great tools available. But we also realize that we don’t control the cloud in a physical way – not to mention all the sharing of data we want to do – so there is a wringing of the hands trying to figure out the right approach that gives us the flexibility and security we need at the same time. All of this makes it hard to get a cloud-based data analytics initiative off the ground – I have talked to so many people who have stalled or shelved these initiatives due to security concerns. In the end, corporate innovation and the incredible insights that these projects offer us are on the shelf too, unfortunately.

Recently, there have been offerings by providers to help combat this, such as strong authentication, HSMs and key management services, transparent encryption of storage and files, and even data masking.  I know that Google, Amazon, Microsoft, and others feel obligated to offer these but I think they forget that these techniques didn’t help us during breaches of our own servers so I’m not sure why they think it’s going to help in the cloud – it likely won’t. Not to mention it makes it painful to share data and of course if you have a hybrid environment, you have to pay for that protection twice – once in your own datacenter and (at least) once more to your cloud provider. These measures are what I call the broken umbrellas of the IT world – everyone knows they “leak” data but yet it’s amazing how many people you see using them in a storm.

I think there is a more ideal solution here – one that you can deploy and use with or alongside any of those other protective measures in the cloud. Data-centric security allows you to protect and use/move/share/analyze your data. Once data is protected, it can be moved into the cloud like any other data and, regardless of what happens in the cloud, your data will be secure because the protection goes with the data. One of the other key elements to data-centric security is the ability to use protected data instead of having to unprotect it to use it because the protection is format-preserving – meaning databases and applications play nicely with protected data. Another is a cool thing called referential integrity where there is a one-to-one relationship between a given piece of data and its protected version – something that is key when doing analytics. Quite frankly, I see data-centric security as an enabler to data analytics projects and to cloud projects, so it’s really the glue that can satisfy both the data folks and the security folks and bring these projects to fruition. But, by far, the most overriding thing is that it keeps your data secure and it keeps it from leaking out of your cloud.

Stay dry out there folks, it’s gonna be a wet spring!

*** This is a Security Bloggers Network syndicated blog from comforte Insights authored by Warren Poschman. Read the original post at: