How should cloud-centric organisations prioritise data protection?
Article by Bitglass CRO Anurag Kahol.
For many organisations, creating an effective data protection strategy to support the adoption of remote work and cloud infrastructure is becoming increasingly urgent.
But in working to mitigate risks and build robust processes, IT leaders face a range of challenges, and getting the priorities right is key to overcoming issues as varied as data leakage, compliance, and access control, all while maximising user experience.
So, where should they start? And what are the main data protection challenges that can threaten the integrity, management and security of distributed data?
Challenge 1: Removing the risk of hidden data loss in encrypted traffic
When workers were in the office and connected directly to the company network, data and applications resided in central data centers and encrypted traffic was limited. As a result, on-premises security solutions were sufficient.
But with the move to the cloud and the widespread adoption of remote working, encrypted traffic has shifted from the exception to the rule. If current data protection solutions don’t identify and control sensitive data in encrypted traffic, they will miss the majority of sessions in which data exposure and misuse is a possibility, leaving the organisation vulnerable to data loss and breaches.
Stolen data is often disguised and sent uninspected through SSL, and according to a recent Google Transparency report, 95% of traffic is encrypted and therefore not subject to inspection by traditional data loss prevention (DLP) solutions.
This is potentially disastrous: with only partial inspection of traffic, sensitive data passing through may be missed, leaving businesses vulnerable to data loss.
Consequently, organisations need cloud and web security solutions that can inspect every byte outside the network and beyond the scope of legacy technologies. With this approach, they can ensure that data within encrypted traffic is secure.
Challenge 2: Closing gaps between data protection services
With the move to the cloud, data is distributed across diverse SaaS, IaaS, web and on-premises environments.
Naturally, each of these needs effective data protection. As a result, organisations are adopting:
- Cloud access security brokers (CASBs) to secure managed SaaS applications and IaaS platforms
- Cloud security posture management (CSPM) to scan IaaS instances for costly misconfigurations
- Secure web gateways (SWGs) to secure the web and unmanaged apps (shadow IT)
- Zero trust network access (ZTNA) to secure residual on-premises resources as they are accessed remotely.
However, this complexity makes uniform data protection and solution management challenging, and can waste time and money while creating gaps in visibility and control across resources.
Unified protection, in which a consistent level of security is provided to all interactions across ecosystems, can be achieved by adopting a comprehensive security platform built in and delivered through the cloud.
Today’s market-leading technologies can monitor data in transit and at rest within IT resources through capabilities like cloud DLP and advanced threat protection (ATP). Consistent, easily managed security across all interactions is vital.
Challenge 3: Avoiding poor user experience
With workers and the resources they access and use to do their jobs moving off-premises, a significant element of the core infrastructure is now the internet itself. One downside of this is that it limits IT’s ability to anticipate and mitigate issues with its legacy security stack.
Additionally, when most services used by workers are out of the organisation’s control, it becomes challenging to ensure that employees have a good user experience while data stays safe.
Many appliance-based security offerings require traffic to be backhauled to a central data center, creating bottlenecks and causing latency. This directly impacts user experience and productivity.
A platform that embraces the concept of secure access service edge (SASE) puts data security as close as possible to the user, reducing latency and significantly improving the user experience.
Challenge 4: Eliminating compliance violations across the cloud
Failing to meet and maintain required industry regulations can result in significant fines and even loss of business.
With data distributed across SaaS, IaaS, the web and myriad devices with remote access to enterprise networks, visibility and remediation for compliance purposes are reduced. This potentially puts the organisation at risk.
By obtaining unified visibility and control across the entire IT ecosystem, a range of key compliance standards (PCI DSS, HIPAA, GDPR and others) can be met, minimising the risk of compliance violations in today’s complex environments.
Once again, this is done through integrated platforms that boast various functionalities (DLP, IAM, CSPM, and others), ensuring that specific regulatory requirements are addressed.
Organisations can embrace digital transformation with confidence by including these critical considerations in data protection strategy planning and execution. In doing so, they can close gaps between data protection services, minimise risk, achieve compliance, and deliver a consistently strong user experience.