Keeping Unstructured Sensitive Data Secure in the Cloud

Aidan Simister | 4 min read| Updated On - March 11, 2020

Keeping Unstructured Sensitive Data Secure in the Cloud

77% of companies use at least one cloud-based service, according to an article by Forbes, and it’s inevitable that the adoption of cloud solutions will continue to grow. Why? Because cloud services are scalable, flexible, easy-to-use, and can save businesses money in the long-term. However, cloud services present a number of security issues relating to the way data is accessed and used, which makes safeguarding sensitive data and complying with the relevant data protection regulations, more of a challenge.

Enterprises can either use software-as-a-service (SaaS), platform as a service (PaaS) or infrastructure-as-a-service (IaaS), and they will often rely on a variety of different service providers. These may include Amazon, Microsoft, Google and IBM, to name a few. In all cases the most notable data security problems relate to visibility, in some way or another. IT managers struggle to identify what data and applications are being used, when they are used, and by who. Likewise, they struggle to keep track of data in transit.

Naturally, when using cloud-services, traditional on-premise perimeter defense solutions, such as Firewalls, Intrusion Prevention Systems (IPS) and Data Loss Prevention (DLP) software, are made redundant, unless they are deployed on all devices used by employees.

However, given that 85% of organizations have embraced BYOD in some form or another, it would be practically infeasible to install agents on all employee devices, and would no doubt be faced with much resistance. While most cloud solutions offer encryption services, they are not truly secure, as the service provider will have access to the decryption keys. Should they suffer a breach of some sort, a hacker may be able to gain access to these keys, and thus the data they protect.

What solutions are available to help enterprises secure their data in the cloud?

Given that most of the traditional security solutions we may have once relied on are no longer relevant when using cloud solutions, we must adopt a more data-centric approach.

While the native auditing functionality of cloud service providers has improved in recent times, they are still not able to present detailed enough information to adequately keep track of exactly who is accessing what data, and when. Nor do they provide real-time alerts and customizable reports that can be used to satisfy regulatory compliance requirements.

That said, all reputable cloud providers will expose an Application Programming Interface (API) which third parties can use to gain further insights into how their data is used. This allows third-party solutions to aggregate and correlate event logs from multiple cloud service providers and display a summary of events via an intuitive interface.

They are able to provide very specific information about which user accounts, files and folders have been accessed, modified, moved and deleted, and provide real-time alerts to your inbox or mobile phone. Likewise, they will provide a wealth of pre-defined reports which can be presented to the supervisory authorities as proof that you know how your data is being used and stored.

Naturally, if you are storing large amounts of unstructured data on multiple cloud platforms, it can be difficult to keep track of where this data resides. Fortunately, a lot of data security platforms have data classification tools built in, which can automatically discover and classify a wide range of data types. Data classification not only makes it easier to identify what sensitive data you have, but it also makes it easier to assign access privileges correctly.

Naturally, it’s a good idea to delete any data that you don’t absolutely need, and this is especially true when storing sensitive data in the cloud. Finally, instead of relying on the native encryption tools provided by the cloud service provider, use a third-party encryption solution which will automatically encrypt data before uploading, or following an edit.

Aidan Simister
Aidan Simister

Having worked in the IT industry for a little over 22 years in various capacities, Aidan is a veteran in the field. Specifically, Aidan knows how to build global teams for security and compliance vendors, often from a standing start. After joining Lepide in 2015, Aidan has helped contribute to the accelerated growth in the US and European markets.

Popular Blog Posts