Not Your Grandma’s IT Security Concern
Not that long ago, the main concern of network security professionals was protecting the company’s network perimeter. Servers, not data, was the issue.
When the cloud rolled in, the IT security landscape began to change profoundly. When companies use cloud services, effectively they’re outsourcing the care of their data. Unfortunately, they can’t outsource their legal obligations with respect to that data, so data security is suddenly a major concern for them. The question, “Have you hugged your server lately?” is still relevant, but even more so is, “Do you know where your data is, and is it safe?”
For many enterprises, the choice to move to the cloud has been less a central corporate decision at one point in time than the accumulation of hundreds of decentralized decisions over the years. That’s one reason why so much emphasis has been placed on cloud discovery and visibility as the enterprise seeks to regain control of its data. While cloud discovery is an important step in that process, the very heart of cloud security is data protection. Let’s look at why.
#1 The cloud increases vulnerability to external threats
By multiplying the number of points at which an attacker can gain access to data, the cloud has increased the total “attack surface”. What’s more, cloud applications aren’t just end targets for many attackers—they’re fast becoming vectors to launch further attacks on the enterprise.
Because decreasing the attack surface isn’t a viable option when it comes to the cloud, the enterprise must protect data at each point of vulnerability, a very big job indeed. The job of data protection also is a shift in responsibility for IT security professionals. Many organizations are ill-prepared to deal with the demands of cloud security.
No amount of cloud application control will safeguard data from government snooping, rogue cloud administrators, or cloud provider access.
#2 The cloud amplifies the impact of internal threats
In addition to multiplying attack vectors, the cloud amplifies the impact of internal threats. Employees have a lot more power to inflict damage by sharing sensitive information inadvertently or intentionally. Only data leak protection combined with other data protection strategies can handle these types of threats.
Sensitive data doesn’t live in a parallel universe. Sensitive data and regular data both travel the same way via the same applications, so protection must happen at the data level.
The need for data protection
It’s natural to want to tackle a complex problem by solving the easiest problems first. Addressing shadow IT is a good example. But you can’t stop there.
With its exposure to internal and external threats, the enterprise has to go beyond cloud discovery and monitoring. The enterprise must be empowered to take action and actively manage threats. While application protection and user protection are key components of a cloud security strategy, they must be complemented by data protection, wherever the data goes.
Data protection includes encryption, data loss prevention (DLP), malware scanning, tokenization, and policy controls tuned to context.
When you’re seeking advice or judging solutions for your cloud security strategy, keep in mind that a complete cloud security strategy will include application protection and user protection, with data protection as the cornerstone.
Ready to take your cloud security strategy to the next level?
Don’t take our word for it. See for yourself what a complete solution can do for your cloud security strategy. Get your Free Trial of CipherCloud complete CASB suite.
To learn more about data-centric security, visit our Encryption Resource Center.