We have seen a mass migration to the cloud over the past two years that few could have predicted. But are organizations taking the necessary actions to protect their data?
Adopting a DataSecOps approach to cloud security could be the key to keeping your data safe in the cloud.
What is DataSecOps?
The idea behind DataSecOps is that security teams collaborate early and often with data scientists and data engineers to ensure security is a top consideration for every decision.
When data security is woven into a cloud environment’s DNA, it drastically reduces the risk of a data breach. In a security-first cloud environment, organizations can store, analyze and share data confidently instead of reacting to a potential problem and adding security measures once a problem emerges. Should a breach occur, it is of no use to a cybercriminal. (Also read: How to Prepare for the Next Generation of Cloud Security.)
Be aware, however, that a DataSecOps approach requires a great deal of deliberation and consideration. As organizations have rushed to the cloud in response to a remote work environment, many have prioritized speed over security and are beginning to feel the consequences.
The benefits of taking the time to implement a DataSecOps approach will outweigh the short-term benefits of quickly migrating to the cloud.
With that said, here are three other ways to keep your data safe in the cloud as you begin to build your DataSecOps approach:
1. Implement a Data Security Mesh
According to Gartner, a data security mesh “allows for the security perimeter to be defined around the identity of a person or thing. It enables a more modular, responsive security approach by centralizing policy orchestration and distributing policy enforcement.”
Working in the cloud requires moving away from the traditional “protect the perimeter” security mindset. In the past, securing data in on-premise environments used to be relatively straightforward: Put up a firewall and prevent access. There wasn’t as much need for data to leave that environment; and most code was homegrown.
The onset of cloud migration shifted many industries toward a distributed environment without a perimeter. Further complicating data security is that each device accessing the cloud is only as secure as the network from which it does so—whether from home or a nearby coffee shop. That’s one reason why during the past year, we have seen greater reliance on mesh networking. (Also read: A Zero Trust Model is Better Than a VPN. Here’s Why.)
An essential step toward implementing a data security mesh is to thoroughly audit your organization’s existing technology to determine if it is appropriate for cloud data security. For example, on-premise security methods should focus heavily on data at rest.
Public cloud data is stored and processed in infrastructures that the data owner does not own. This is why distributed cloud data has inspired different processes to ensure its protection. (Also read: Who Owns the Data in a Blockchain Application – and Why It Matters.)
2. Employ Data Analytics Pipeline Protection Methods
Data analytics is one of the cloud’s most important benefits, offering unprecedented scale and utilizing insights for market differentiation. It stands to reason that organizations should ensure data is protected throughout its lifecycle through the pipeline—and doing so requires a wide range of situational techniques.
As data is created, it is unstructured and needs to be categorized to determine how it should be protected. The first step of categorizing data is to determine if the data in question includes sensitive information, like a Social Security number (SSN), home address or credit card number. If sensitive information is discovered within the data, but that data doesn’t need to be analyzed, the data can be hashed. This process completely hides the sensitive information with characters in a different format. (Also read: Never Really Gone: How to Protect Deleted Data From Hackers.)
Now, let’s say the same data containing sensitive information does need to be analyzed. In this case, data can be tokenized for midstream use in the pipeline. Using the SSN above as an example, its nine digits would be replaced by nine other numbers, leaving the appearance of an SSN but would be of no use to an unauthorized person accessing it. At the same time, applications can analyze the data set without putting sensitive data in the clear.
Downstream, encryption is applied to convert data into unreadable cipher text that a privileged few can decrypt with a key. This approach, known as “privacy-preserving analytics,” allows encrypted data to be processed while still remaining unreadable and unusable to those without access.
3. Understand the Details of Shared Responsibility
Failing to fully understand the shared responsibility model is one of the most overlooked aspects of cloud data security.
Many organizations have been under the inaccurate impression that their cloud provider protects data. However, most cloud providers only shoulder the responsibility of protecting the cloud—not the data inside. To put it another way: The home security company is responsible for keeping criminals out of the house; but it is the homeowner’s responsibility to hide or lock up valuables.
Before moving forward with a cloud provider, make sure to know who is responsible for what and take the necessary steps to ensure your organization has appropriate protection methods in place. It is entirely acceptable to ask a potential cloud service provider how they support industry or governmental regulations that your organization must follow. (Also read: GDPR: Do You Know if Your Organization Needs to Comply?)
In many respects, cloud data security differs dramatically from on-premise security. Having the right strategies can prevent or drastically minimize the impact of a breach while helping maintain data’s business value.
That’s why DataSecOps should be part of any organization’s cloud security approach.