Part 2: What’s the Right Data Security Approach for the Cloud?

In our previous article, we covered the common strategies and practices for cloud security, ranging from IAM best practices to visibility and monitoring strategies. The variety of strategies and practices raises the pressing question: Among all the strategies and practices mentioned, what is the right approach to securing the cloud??

The truth is, due to the size and complexity of the cloud, there is no one "correct” approach to address cloud security. The answer depends on the project requirements, strategies, budgeting and timeline within the project.???

However, one of the most common challenges lies in the need to secure data in hybrid and multi-cloud. Hybrid and multi-cloud environments can enhance business agility and improve time-to-market, but also introduce risks by exposing sensitive data to numerous potential breach points, both in terms of user, service and operational access. A case in point: when an organization needs to secure data in data lakes and cloud repositories, it involves safeguarding access not only from unauthorized users, but also from Platform as a Service (PaaS) administrators.??

Organizations running on hybrid and multi-cloud must consider these key data security requirements:??

1. Securing data at its core: Given the broadened attack surface and unique security protocols of each cloud environment, the strategic emphasis should be on protecting data at its core. This encompasses a comprehensive solution that secures data on-premises and across cloud platforms.?
2. Securing data flows across hybrid and multi-cloud environments: As data moves into, out of, and between clouds, each flow becomes a risk vector. This calls for multi-layered security, at data access layer, application layer, exit point and file layer.??
3. Centralized monitoring: Many organizations lack visibility over whether data in the cloud has been compromised. Companies need to implement comprehensive monitoring by aggregating numerous logs from various access points, for visibility and control across different hybrid and multi-cloud platforms.?

How to safeguard data in the cloud anywhere and everywhere??

Considering these requirements, an optimal approach to safeguard data in the cloud across hybrid and multi-cloud, with data being accessed anywhere and used everywhere, can be boiled down to the following:?

Unified Security Management?

• A centralized approach to security management is essential for securing data at its core and maintaining consistency across multiple cloud environments. It involves incorporating security features such as IAM tools and policy management into a centralized platform that works with existing infrastructure and applications. This also facilitates visibility and monitoring, as it provides a consolidated view of alerts and allows for streamlined incident management processes.?

?Data Lifecycle Management?

• Develop policies covering the entire data lifecycle, from creation to disposal, to prevent data breaches. Effective policy lifecycle management ensures that sensitive information is protected at each stage, with appropriate controls like access permissions and audit trails. It also involves regular policy reviews and audits to ensure compliance and keep up with evolving security requirements.?

?Data Protection in Transit and at Rest?

• Use secure protocols like HTTPS for data transmission and employ encryption and EDRM for data at rest and in use. For data in use, EDRM? provides an additional layer of security by controlling how unstructured data is accessed and used, ensuring that even if users are granted access to data, they cannot misuse or extract data beyond the defined usage policies.?

?Data Obfuscation and Segregation?

• Implement policy-based data obfuscation and masking techniques to protect sensitive information. For field-level data obfuscation, attribute-based policies can be enforced by policy engine utilizing dynamic authorization technology in real-time, to prevent wrongful disclosure based on who, where, when and what access should be granted. For record-level data segregation, read this Linkedin Article on implementing preventative SoD.?

?Automation and prevention??

• Automate the process of monitoring and enforcing data security policies, to prevent data breaches before they happen, reduce compliance costs and data security risks. When it comes to business-critical data, a preventive strategy is far more effective and efficient compared to a "detect and respond” approach.?

As we conclude, while there is no one-size-fits-all approach to cloud security, the need to safeguard data in hybrid and multi-cloud environments is rising among many fast-growing organizations. Organizations can meet these requirements by developing a framework based on unified security management, data lifecycle management, data protection in transit and at rest, data obfuscation and segregation.??

But what is the real game changer??

Embracing automation and prevention. By neutralizing threats before they materialize, organizations can ensure not only the security of their data in the cloud but also the resilience and ongoing success of their business.?

On that note, we’d love to hear from you – how is your organization handling the data terrain of hybrid and multi-cloud? Are there unique approaches you've found particularly effective? Please feel welcome to share your insights and experiences in the comments below.?