Best Practices for Effective Cloud Data Security

This blog was originally published by Laminar here.

Written by Andy Smith, Laminar.

Digital transformation and the shift to the cloud have accelerated in the past couple of years due to COVID-19 and the remote, work-from-home business model. Gartner projects that companies will spend nearly $400 billion on public cloud platforms in 2022.

The more organizations embrace the cloud, the more data is stored in the cloud. More than 60% of corporate data is stored in the cloud today, which is double what it was just seven years ago—and that figure continues to grow.

There is enterprise data security on-premises and cloud security for infrastructure, but nothing secures data for everything you build and run in the cloud. While developers and data scientists have free reign to capture, copy and manipulate sensitive data in public cloud environments, security and data teams have lost visibility and have much less control.

Challenges of Protecting Data in the Cloud

Adapting to the cloud has created a number of unique pain points for organizations in terms of data protection. For one, there is a serious lack of visibility for the IT teams tasked with data security. Multiple departments can use SaaS (Software-as-a-Service) applications and cloud storage platforms, and developers can spin up new databases without the knowledge or consent of IT. The net result is that there is no consolidated view of data across the environment.

The problem is exacerbated by a lack of context that leads to an inefficient allocation of resources. After all, not all data is created equally. Some data is more sensitive or confidential and deserves greater protection. Still, security controls are often applied uniformly for the entire environment rather than understanding the context and prioritizing data security efforts accordingly.

Cloud computing and digital transformation have dramatically expanded the exposed attack surface that IT teams need to defend. The exposure of data across a hybrid or multi-cloud environment, combined with the lack of comprehensive visibility, makes it impossible to assess your data security posture accurately. The complexity of the environment also makes it virtually impossible to monitor for attacks in progress or detect data leaks effectively.

Protecting data across an increasingly complex web of platforms and applications is a challenge. Organizations need to find the balance and take advantage of the agility and scalability of cloud computing without sacrificing data security.

Cloud Data Security Methodology

The Laminar Cloud Data Security Methodology provides a framework and strategy for assuring data security in the cloud. Effective data protection is dependent on four primary pillars: Discover, Prioritize, Secure, and Monitor:

• Discover: It seems both obvious and trite, but the reality is that you cannot protect what you can’t see. Effective data security in the cloud begins with knowing what data you have, who owns it, and where it is located. Data security and data governance both require that you have a way to find, characterize and classify known data and “shadow” or unknown data across your entire environment.
• Prioritize: Once you have comprehensive visibility of your data, you need to understand the context of the data and prioritize protection accordingly. You should analyze the data and where and how it is used and allocate data security based on a variety of factors, including the sensitivity of the data, the current security posture, governance, and compliance mandates and exposure.
• Secure: You need to strengthen and maintain your data security posture. This means reducing and minimizing the attack surface and enforcing data security best practices and established data policies.
• Monitor: There is no perfect defense. Attacks will still happen despite data policies and best practices. Effective cloud data security also requires vigilance—detecting new data assets or changes to existing assets. The IT teams tasked with data security should continuously monitor the environment for access anomalies and indications of data leaks or compromise.

Effective Cloud Data Security

The cloud is not optional at this point. Organizations need to take advantage of the accessibility, agility, scalability, and cost-efficiency to remain competitive. However, it is also important to effectively manage security and data protection across this expanding and increasingly complex environment.

Cloud-native data requires cloud-native protection and data-centric cloud security. Modern-day cloud data protection solutions must go beyond identity and access management and basic security controls for accessing cloud applications and services and address the unique challenges of protecting data in the cloud.

Organizations need complete data observability for everything in their hybrid, multi-cloud environments. Data protection teams have to have tools in place to autonomously discover and classify new datastores for complete visibility, prioritize risk based on data sensitivity and risk posture, secure data by remediating weak controls, and actively monitor for egress and access anomalies. The Cloud Data Security Methodology is a crucial component of that strategy. It is essential for enabling data security teams to reduce the attack surface, detect data leaks in real-time, and regain control over their data.