Investment in the cloud is increasing but so are the concerns around cloud security. Check out our helpful tips when securing your data in the cloud.
With more investment expected into cloud storage, enterprises need to be aware of the security options available. All it takes is one poorly configured system for a breach to occur resulting in compromised data that could snowball into costly investigations and even fines. There is also the debate on who oversees securing the cloud environment, should it be the cloud provider or the individual client?
Encrypt and protect the data
Since the rise in cloud popularity, this has been a debate that crops up time and again. However, once the General Data Protection Regulation (GDPR) comes into force next year, it’s crystal clear: the organisation is responsible for the security of its own data. Those using Software as a Service (SaaS) need to take steps to protect data with encryption now.
It’s shocking to hear that 82 % of databases in the public cloud are not encrypted. This is highly irresponsible and dangerous. The recent sensitive data leaks should be a warning sign: it is imperative that Personally Identifiable Information (PII) is treated with the utmost care.
We believe if the data is securely encrypted prior to storage with the organization maintaining full control over the encryption keys, the organization – as a data controller – can exclude the access of attackers or other unauthorised third parties, giving absolute authority to the organization. For authorised users with access to the data, when creating identity and access control policies, ensure you grant only the necessary privileges needed for the employee to carry out his/her job.
Avoid others’ mistakes
The harsh reality of today’s world, in terms of data, is that no one can prevent data theft. So if security isn’t a priority in your organization, it’s time to make it one. Don’t assume that third party SaaS or cloud providers have got security covered for you – this is your responsibility. A common mistake is to leave data unencrypted in the cloud. Organisations must take full responsibility for their own data, particularly when putting it in the cloud and dealing with third party providers, to keep customer data safe and comply with the GDPR.
“Securing the Cloud” is not a conceivable “thing” – however, securing data most definitely is. When companies start with protecting their data itself, they will see the biggest risk reductions and avoid becoming the next example in a string of data breach headlines.