Today, a data breach is a pain in the derriere for many enterprises. When a breach occurs, it is a nerve-wracking situation--typically an all-hands-on-deck moment. For instance, an attacker managing to corrupt data on the cloud could potentially cause colossal damage.
That said, as the curtains open for FY 2016-17, let’s hope that there will be massive changes in the security landscape--this year, there will be a large percentage of enterprise workloads moving to the cloud.
How to stay safe
First, before adopting a cloud solution, it is important for organizations to have data governance policies. Data governance requires three services: control, transparency and rules. Its absence will impose direct operating costs that can weaken the savings being pursued.
Stressing this, Ajathashatru Verma, Director, CSS and SOC, India, Symantec, says, “Data governance concerns commonly arise in the areas of IP protection, regulatory governance, privacy laws, industry compliance requirements and data mobility.” He said that these policies are required for identifying sensitive information, controlling its transmission, storage, and access in the cloud and sharing it among users and devices. “This needs to be enforced across private, public and hybrid clouds,” he says.
Similarly, Rohit Kumar, EVP and Regional CEO – SEA and cloud managed security, Paladion Networks, says that enterprises should comply with various data privacy laws. With cloud, the business assets would see no geographic boundaries; hence, it is crucial for organizations to develop a continuous compliance program for abiding by data privacy laws in various countries.
Enterprises should have a good exit strategy--what happens if you are not happy with cloud and want to get out? Talking about this, Kumar says, “Cloud services are becoming pervasive and in the near future engaging with multiple cloud service providers will be the norm; hence, exit strategies with regards to migration from one cloud service provider to another or back to on-premise has to be clearly laid out.”
Security providers need to extend data loss prevention to the cloud across all high-risk data loss channels so that organizations can monitor and safeguard information effectively.
Highlighting this point, Verma says, “As companies seek to move their information to the cloud, they have to look for security providers who can keep their information protected regardless of where it resides. Data Loss Prevention (DLP) is one of the key technologies to enable anytime, anywhere, any device data protection. DLP is a foundational technology for cloud security.”
Data in the cloud also needs to be encrypted. Data encryption is one of the biggest security allies in the cloud and it should be non-negotiable when it comes to file transfers and emails. Rajesh Maurya, Country Manager, India & SAARC, Fortinet, says that while data encryption may not prevent hacking attempts or data theft, it can protect one’s business and save an organization from incurring hefty regulatory fines when the dreaded event happens.
Organizations should not be in the dark about shadow IT. Take for instance an employee using a smartphone to open a file stored on an enterprise server. It is likely that the phone will make a copy of the file, which could then be sent to an unapproved online storage destination when the phone does its routine automatic backup. This means that secure corporate data has just been moved to an insecure location.
“Preventing access to shadow IT is unlikely to stop its growth in any given organization. It is more effective to educate your users and use technology to manage the issue. Encryption, network monitoring and security management tools can help defend your cloud app against the risks of shadow IT,” explains Maurya.
All said, let’s hope that enterprises will be better prepared for the year ahead!