Light Dark
September 19, 2018 By Leslie Wiggins 3 min read
Cloud Security
Data Protection

These days, enterprises are increasingly running their business from the cloud. But the portion of your business that’s running in this environment presents numerous security challenges. When it comes to cloud data protection, it’s not just credit card numbers and personally identifiable information (PII) that need protecting, but also the data that represents the majority of your company’s value: your intellectual property. This includes your product designs, marketing strategy, financial plans and more. To add to the complexity, much of that data is stored in disparate repositories.

How do you know if you’re doing enough to protect the cloud-stored data that’s most crucial to your business? To keep malicious actors away from your cloud-bound crown jewels, you need the cybersecurity equivalent of a guard dog — one that knows when to bark, when to bite and when to grant access to those within its circle of trust.

Let’s take a closer look at some challenges related to protecting data in the cloud and outline key considerations when selecting a cloud security provider.

What to Do When Data Is Out of Your Hands

Data that’s stored in the cloud is inherently accessible to other people, including cloud service providers, via numerous endpoints, such as mobile devices and social media applications. You can no longer protect your sensitive data by simply locking down network access.

You need security against outside threats, but you also need it on the inside, all the way down to where the data resides. To address this, look for a provider that offers strong data encryption and data activity monitoring, inside and out.

Data Is Here, There and Everywhere

With the growth of mobile and cloud storage, data is here, there, in the cloud, on premises, and everywhere in between. Some of it is even likely stored in locations you don’t know about. Not only does everyone want access to data, they expect access to it at the click of a mouse. A complete cloud data protection solution should have the following:

  • Mature, proven analytical tools that can analyze your environment to automatically discover data sources, analyze those data sources to discover the critical, sensitive, regulated data, and intelligently and automatically uncover risks and suspicious behavior.
  • Protection with monitoring across all activity, both network and local, especially the actions of privileged users with access to your most sensitive data. Of course, you should also protect data with strong encryption.
  • Adaptability to your changing and expanding environment, with a security solution that can support hybrid environments and seamlessly adjust to alterations in your IT landscape.

How to Gain Visibility Into Risks and Vulnerabilities

Detecting risks of both internal and external attacks is more challenging as data repositories become more virtualized. Common vulnerabilities include missing patches, misconfigurations and exploitable default system settings.

Best practices suggest authorizing both privileged and ordinary end users according to the principle of least privilege to minimize abuse and errors. A robust cloud data protection solution can help secure your cloud and hybrid cloud infrastructure with monitoring and assessment tools that reveal anomalies and vulnerabilities.

Choose the Right Data-Centric Methodology

A data-centric methodology should go hand in hand with the solutions outlined above to support cloud data protection. Make sure your data security solution can do the following:

  • Automatically and continuously discover data sources that you may not have realized existed. This means classifying the data in those databases to understand where you have sensitive, regulated and high-risk data.
  • Harden data sources and data. For data sources, that means understanding what vulnerabilities exist and who has access to data based on entitlement reports. For hardening data, your solution should enable you to set policies around who has access and when access needs to be blocked, quarantined or possibly allowed but masked before granting access.
  • Monitor all users, especially privileged users, to be able to prove to auditors that they are not jeopardizing the integrity of your data.
  • Proactively protect with blocking, quarantining and masking, as well as threat analytics that cover all data sources and use machine learning. Threat analytics can help you understand which activities represent normal, everyday business and which are suspect or anomalous — information that humans can’t possibly uncover on a large scale.

Find a Guard Dog for Your Cloud Data Protection

If your organization is just starting out with data protection, consider a software-as-a-service (SaaS) risk analysis solution that can enable you to quickly get started on the first two steps outlined above. By starting with a solution that supports discovery, classification and vulnerability assessments of both on-premises and cloud-based data sources, you can make demonstrable progress with minimal time and technology investment. Once you have that baseline, you can then start investigating more comprehensive data activity monitoring, protection and encryption technologies for your cloud-bound data.

Discover Guardium Analyzer

 |  |  |  |  |  |  |  |  |  | 
Leslie Wiggins
Program Director, IBM Security

More from Cloud Security
November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 3, 2023

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

September 14, 2023

How I got started: Cloud security engineer

3 min read - In today’s increasingly cloud-focused business environment, cloud security engineers are pivotal in protecting an organization’s critical data and infrastructure. As experts in cloud security, they leverage their expertise to ensure that the ever-expanding amount of cloud data is safe from emerging threats and vulnerabilities. Cloud security professionals combine their passion for technology with a deep understanding of security principles to design and implement robust cloud security strategies. What experience do these security experts have, and what led them to the…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature