As a direct response to the market, cloud service providers have sought to address concerns that inhibited widespread mainstream adoption. Companies like Amazon, Salesforce and Xactly — keen to reassure customers and make their services ubiquitous — have made huge improvements in transparency, identifying vulnerabilities, offering encryption, automated updates and more stringent authentication, while other vendors are offering cloud data protection gateways, security as a service or allowing business users to bring their own encryption keys.
As a result, cloud security is no longer seen as such a vulnerability and businesses in every sector are now confidently adopting the technology despite the sensitive nature of the information they hold. However, it is important that organizations are cognizant that responsibility for data is not outsourced along with the service; the responsibility remains that of the owner. In this slideshow, Protegrity highlights five trends on cloud security in today’s most data-driven organizations.
Cloud Security Trends for 2016
Organizations have embraced the non-stop, on-demand nature of an increasingly connected world to take advantage of the savings, ease of use, simplified processes and Big Data insights that cloud services offer. Industry reports show that greater confidence in cloud security and increased use of technologies such as mobile, virtualization and the IoT have led in turn to the majority of businesses keeping a variety of types and formats of sensitive information in increasing amounts in the cloud. Variety and volume of data can be complicated to manage and businesses should consider the implications of this for compliance with industry regulations or legal requirements.
Headlines announcing massive exposures of personal information show that hackers are keeping up with the trends of the masses, following the data trail to the cloud too; statistics show they are focusing their attention on the private information and intellectual property that commands a higher price on the black market than credit card and financial data. Sensitive data is valuable data and will always be under threat of breach by nefarious internal operatives, cyber criminals, nation-state hackers and even government intrusion. Despite the best efforts of cloud service providers to offer native security, there is still more that can be done. Forward-thinking, responsible data custodians are taking steps to mitigate the impact of a breach by combining traditional and native security practices with a data-centric approach to protecting the data itself, at rest and in motion, enterprise wide.
For some industries, the sensitivity of their data is greater and more of a priority due to the nature of their business, internal policy, industry regulation or national and international law.
In this situation, organizations look to secure the enterprise for peace of mind and compliance but, as traditional boundaries are blending with the cloud, Gartner recognizes that the flow of data is hard to manage and suggests using Cloud Access Security Brokers (CASBs) as a “required” solution. CASBs protect data and enable cloud adoption without loss of control using an encryption or tokenization gateway and authentication, providing more granular access to data and visibility by defining and logging who sees what, where and when.
Tokenization has long been used by the PCI industry to protect credit card data from breach while retaining its vital usability for business processes. Now organizations from every sector are taking advantage of the technology in the cloud to confidently desensitize important information in order to meet ever more stringent data laws and regulations. Long-established regulatory authorities have updated or are reissuing guidelines to ensure data security is extended into the cloud, and governments across the globe are rewriting their data protection laws to reflect technological advances made since their inception. The European Court of Justice recently declared the EU-US data-sharing framework Safe Harbor invalid, leaving international businesses under considerable pressure to find alternatives before the new EU Data Protection Regulation is published at the end of this year. Tokens have no mathematical relationship to the original data and can be used in SaaS applications to protect multiple data types from exposure as they travel across international borders. And, as no real data is present, data sovereignty and privacy laws can be honored.
Data is an asset and a responsibility, but as traditional boundaries become virtual borders it is no longer clear within the enterprise whose responsibility it is. In high-profile data breaches, CTOs, CEOs and even CFOs have both taken the blame and pointed fingers. Business users are able to bypass traditional and often cumbersome procurement and implementation steps by going directly to services provided in the cloud without the need for collaboration with their colleagues in other departments. In this scenario it is essential that organizations take steps to protect themselves by creating enterprise-wide data security awareness and policies that include knowledge of the data flow, data-centric protection and an understanding of where keys are made available and stored, and who has access to the keys. In this way responsibility is shared, risk is reduced and security is increased.