A manifesto for cloud data security
Image via Pixabay
This is a manifesto for cloud data security. Manifesto is often associated with political statements such as Martin Luther King’s “I Have a Dream” speech or the U.S. Declaration of Independence. Some are religious, such as the Bible’s Ten Commandments. Or, aspirational, such as John F. Kennedy’s “Land a Man on the Moon” speech. My manifesto is the latter type as I believe managing the posture of cloud data security is the most important task for securing today’s modern environments containing some of the most sensitive data in the world.
Why data security should be our top priority
The space program brought us enormous benefits. Its new technology such as microchips today underpins computers, smartphones, internet and IoT. Lighter construction for spacecraft now enables fuel-efficient cars and planes. Other benefits are found in medicine, environmental monitoring and communication. The fundamental element unifying future progress in vital areas like these is: data.
Some glibly call data the “new oil,” but data is not just something we pour into vats of cloud storage for a rainy day. Modern organizations of all sizes live or die on their use of data. It’s vital for decision making. Modern analytics based on data-driven AI models provide insights and point us in the right direction to make better decisions for the company’s future. Data makes us more efficient. It facilitates a competitive advantage. Data also drives innovation by showing new opportunities for improvement.
Benefits of data also make it a huge target for cybercriminals. Thieves used to break into banks because money and treasure was physically stored there in vaults. Now they’re attacking your cloud vaults because the data stored there is worth more than gold.
The urgent need for a data-first approach to cloud security
Before you can secure cloud data, you must find it and understand all potential risks that may enable a breach. Grasping its true security posture, especially with siloed, non-cloud-native tools, is a major challenge.
Massive, surging amounts of data sprawl almost anywhere at ever-faster velocity. An ESG survey found 77 percent of organizations store sensitive data in more than one cloud platform; 86 percent say sensitive data is stored in a data lake, data warehouse or data lakehouse.
Data sprawl is a symptom of its pervasive vitality. For example, a blizzard of new microservices-based apps and virtual infrastructure spun up and down in seconds co-mingles an equally deep tangle of potentially unprotected data sources. AI/ML modeling, while beneficial, also fuels risky use of more data stores without strict controls of production data. Unprotected shadow data stores can appear via unsanctioned DevOps processes driven by constant experimental forays of CI/CD coding. Sensitive data exposure may also be accidental.
Whatever the reason for exposure, cloud-resident sensitive data must be discovered and protected 100 percent of the time. It’s why every organization should consider implementing a modern, data-first process for visibility and control of cloud data security posture.
Automating a modern process for cloud data security
Unique challenges of securing sensitive cloud-resident data have spawned a new crop of tools. Some of these are cloud-native, but many operate in silos that resist automatically doing vital tasks for security. A new approach that analysts call data security posture management (DSPM) specifies a cloud-native platform that integrates five key capabilities for achieving cloud data security.
Data discovery – Discovery capability answers the question, “Where are my sensitive data?” DSPM continuously monitors and discovers new data stores. And it notifies securities teams on discovery of new data stores or objects that could be at risk.
Data classification – Classification tells you if your data is sensitive and what kind of data it is. It answers questions like “Who can access my data?” and “Are there shadow data stores?”
Access governance – Access governance ensures that only authorized users are allowed to access specific data stores or types of data. DSPM identifies all internal and external users and resources with access to cloud data stores and related privilege levels. This helps determine the level of risk.
Detect and manage risks – Risk detection is a process of finding potential attack paths that could lead to a breach of sensitive data. Automated workflows guide remediation of these risks.
Compliance – DSPM automatically detects and classifies all data within all your organization’s cloud data stores related to any relevant laws and regulations (GDPR, PCI DSS, CCPA, etc.). It automates mappings of your data to compliance benchmarks to verify compliance for auditors.
Protecting your cloud data for a safer future
Securing cloud-resident sensitive data is more important than ever before. Using a modern approach such as data security posture management can help your organization to boost visibility of risks and help swiftly remediate threats to data. Like the race to space, I hope this manifesto for cloud data security will jumpstart your organization’s journey to a safer future by prioritizing and protecting its most important asset: its data.
