<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2038511469714819&amp;ev=PageView&amp;noscript=1">

Cloud Data Security: A 360 Degree guide

11 Nov., 2019

Cloud is going to rapidly proliferate, due to the accelerated and rapid growth of emerging technologies powered by cloud. Cloud computing powered technologies are becoming the norm in everyday life and are appearing on business agendas across sectors. By 2020, we can expect to be seeing increasingly relevant applications of Big Data, AI, IoT, VR, and even Drones in our everyday lives.



Cloud is a necessary component for any company to enable Line of Businesses (LOBs) to support speed of innovation and required to maintain competitive age. Which entails the C-level should be ready to deploy cloud solutions at scale with a short turnaround time.

As the LOBs are looking at multiple solutions at the same time, the Information Security and Data Security teams are struggling to maintain the proper (required) level of security. Result is that companies are going ahead with their cloud enablement strategies without properly thinking through data security strategy and its consequences.



Buildings blocks for a 360-degree security posture

We need to go back to the basics and start from identifying the focus areas for security. Albeit not exhaustive here is a list of strategic areas which must be thought through.

Yes, it will be some work at the beginning, but this pain will help greatly to create a security baseline and accelerate the speed of deployment of future cloud services.  

Network Access Control (NAC)

Start with an initial NAC project to make key governance decisions on how to authenticate, enforce device access, select a NAC solution and gain visibility into connected devices.

Implement the architecture and operational processes needed to authenticate devices to the network. Implement controls that provide deeper levels of device inspection and enforcement of policy based on device security posture, once authentication is successful.

Furthermore a comprehensive plan needs to be created along with your Network Security and Information Security teams and if needed external consultants. The external consultants often help in assessing your network infrastructure from an objective perspective.

Adaptive access control

Traditional authentication and access management methods do not suffice anymore for cloud workloads. You need to enable context-aware access control that acts to balance the level of trust against real time threats of access using some combination of trust elevation and other dynamic risk mitigation techniques.

Context awareness and dynamic awareness respectively mean that access decisions reflect current conditions, and that access can be safely allowed where otherwise it would have been blocked. Traditional access restrictions (such as the need to always use an intrusive higher-trust user authentication method) can be relaxed while risk is low, thus improving user experience (UX).

Incumbent Identity and Access Management (IAM) providers are rapidly developing these capabilities. Additionally, there are multiple innovative entrants. Hence a vendor policy might also be necessary.

Data loss prevention (DLP)

DLP is probably the most important piece of your cloud security strategy. Your DLP strategy should be three-pronged Network DLP (in transit), Storage DLP (at rest), Endpoint DLP.

The implementation of DLP solutions should be preceded by a study focused on the needs of the business. The results should report the points of vulnerability, allowing the establishment of a set of solutions to meet the evidenced needs. Having full control over the environment, as well as understanding the different types of DLPs, and their applications are particularly important to avoid data loss in the corporate environment.

Content scanning and Sensitive Data Monitoring

Content needs to be scanned regularly. However, this network snipping and monitoring has performance impacts. Hence selective monitoring should be the way. There are technologies like WAF which are highly advanced and configurable.

Risk identification and reporting

It is vital to perform risk assessments on a regular basis. This helps to detect any possible dangers to organization data, through this assessment the organization’s current data security is examined to check if there are any vulnerabilities; and therefore, solutions are or can be formulated to address and mitigate the possible risks.

Cloud visibility and governance

In a recent survey from Dimensional Research 38% of IT security professionals surveyed cited insufficient visibility as a key factor in application outages and 31% in network outages. More than 90% of respondents identified a direct link between comprehensive cloud usage visibility and business value. It goes without saying visibility into the current cloud workloads being used and governance policy to restrict usage of Shadow IT is critical.

Finally prepare for the worst


The only contingency plan against stolen data is de-sensitizing it with encryption or tokenization. Even more important is to control not only the keys used for the encryption but the whole encryption process. No one can prevent data from being stolen, but the eperi Gateway can prevent that stolen data can be used. The eperi Gateway provides state-of-the-art encryption and deployment flexibility to fit your organizations complex infrastructure and standard cloud applications like Salesforce, Office 365, ServiceNow, SAP SuccessFactor. Even customized web applications are supported with this GDPR-compliant data security.

Contact us: abhishek.das@eperi.com
Author: Abhishek Das - Vice President Customer Success

To know more follow the author on LinkedIn


Share Button: LinkedIn Share Button: XING