The Big Question: Can Sensitive Data Truly be Protected in the Cloud?
You might be thinking that the answer is no, given the increasing number of cloud-based incidents occurring in the world and hitting national and international news outlets. Let me give you some good news, though. In short, the answer is yes. And yet, you may be wondering how you can do this effectively and most securely. Well, let me tell you how, along with a little context first.
Social and market conditions demand data security
As we all know by now, the outbreak of COVID-19 and the subsequent shift to full-time remote working accelerated many organizations’ move to the cloud. However, the speed at which many organizations adopted cloud technology highlighted the weaknesses in securing data (especially sensitive PII-type information) stored within these systems. Many cybersecurity experts have called for data security improvements, so as a result we have started to see a shift in the market toward the importance of data-centric security to augment more traditional, perimeter-based forms of data protection.
Additionally, at the same time enterprises have been migrating data and applications to the cloud in a cloud-first approach, many of them have also been busy transforming their application architectures and taking advantage of modern cloud-native architectures and DevOps processes to serve their users more effectively. These organizations are looking to move more quickly and efficiently from on-premise resources to the cloud to facilitate hybrid working cultures and hyper-agility in order to be responsive to dynamic market forces. Suffice to say that they have a lot going on, and a lot to think about. Not to add another concern, but they should be thinking about next-generation data protection as they try to accomplish these goals.
Moving to the cloud with outdated protections
Rapidly transitioning from on-premise systems to the cloud has meant that employees have had to adapt to new business paradigms and workflows, all while trying to avoid slowing down business operations (and more importantly, keeping up with customer needs). Unfortunately, these conditions leave data security as a secondary or tertiary concern at best, or an afterthought at worst. This actually has some pretty serious consequence, even if you don’t consider the regulators.
Along those lines, more worryingly it means that compliance has been at least temporarily overlooked, as the ‘need for speed’ takes precedence over the efforts of the compliance team to operate safely, securely, and with 100% compliance to regulations. Consequently, organizations have put themselves at risk of both data breaches and compliance fines–two things they should be aiming to avoid at all cost—all for the purpose of getting ahead. Sounds more like one step forward, two steps back, doesn’t it?
Especially now, with employees returning to the office, security teams are realizing that their current stack and old controls aren’t working sufficiently to protect their data because they’re not fit to support a hyper-agile, cloud-distributed, perimeter-less work and data environment.
What can be done to make sure data in the cloud is protected?
This is where data-centric security comes in. Companies must have full visibility into their data and understand it fully in order to protect it sufficiently. They must make sure they know where sensitive data is, where it comes from, and who is accessing and using it. To simplify this process, companies should deploy a data-security solution that protects the data wherever it is and that can integrate with their existing solutions and security infrastructure. By data-centric, I mean an approach protecting the data itself, not the environment around the data (such as security perimeters around sensitive data).
Tokenization is one form of data-centric security that offers a format-preserving method of protection, which reduces exposure risk as applications and databases alike are able to work with the protected data. One weakness in any enterprise workflow is working with data in the clear, and more traditional protection methods such as classic encryption can “break” business applications because data format is not preserved. So how is tokenization different? Parts of the data are kept in clear text, but not enough to make it useful for unauthorized parties to read, understand, or leverage, all while the original data format is retained. As a result, even if a data breach were to occur, the data would be completely useless to any bad actor who may want to steal it for malicious purposes.
The move to the cloud certainly isn’t completely new, and companies should be doing their best to keep up with new market changes and the need for hyper-agility which can come from storing data in or using resources delivered by the cloud. One thing to keep in mind: data must be protected as early as possible upon entering your data ecosystem. Additionally, in a cloud-based environment without firm perimeters, security must now travel with the data wherever it goes. Implementing data-centric security solutions and methods such as tokenization will allow organizations to worry less about data breaches or compliance fines all while assuring their customers with the utmost protection and data privacy. Everybody wins—customer, the regulators, and your business!
*** This is a Security Bloggers Network syndicated blog from comforte Blog authored by Trevor J. Morgan. Read the original post at: https://insights.comforte.com/the-big-question-can-sensitive-data-truly-be-protected-in-the-cloud