1. KNOW WHICH CLOUDS YOU’RE USING.
Data protection in cloud computing demands that you know what employees are doing. Not all of your employees may be sticking to corporate-approved applications. Some may be backing up their work to Google Drive even though Box.com is the only approved cloud collaboration service your policy allows, for example. You have to know which clouds your data’s entering before you can effectively protect it.
Survey your employees and work with your IT department to learn as much as you can about your employees’ cloud usage.. And communicate to employees how vital it is that they stick to the cloud services that are approved.
2. KNOW WHAT DATA IS GOING INTO THE CLOUD.
As you work getting a handle on which cloud services are in use, and why, you’ll begin to form a better understanding of exactly what corporate data is entering the Cloud. This understanding is also critical to data protection in cloud environments. Some types of data simply should not be uploaded to cloud services; other types must be strongly protected.
Employees must be made aware of what data they cannot upload and what the consequences will be if they do. To prevent inadvertent breaches, implement strong monitoring and DLP solutions to assist with enforcement.
3. PROTECT YOUR DATA.
Now it’s time to implement a key piece of cloud data protection: data security itself. Regulatory compliance, data protection, and functionality of your chosen cloud services will demand a variety of encryption and tokenization methods.
Apply appropriate levels of encryption and tokenization to your data according to each data field’s sensitivity. It’s best to do so before the data ever leaves your premises and to keep it protected in transit, at rest, and, wherever possible, even while in use in your chosen cloud application.
4. KEEP YOUR ENCRYPTION KEYS SAFE, AND KEEP THEM SEPARATE FROM YOUR DATA.
In our recent chat with CipherCloud Chief Trust Officer Bob West, he made a wonderful analogy for encryption keys. When you leave your house, he said, you lock the doors and take the keys with you. You don’t lock the doors and then leave the keys nearby. The same applies to your data encryption keys. If you want your encrypted data to stay safe, keep the keys on you—not with the data.
Choose an encryption solution that gives your organization exclusive access to the encryption keys and the tools to maintain tight control over who can access them. That way, even if something happens to your data in the cloud, no one will be able to unlock it but you.
5. KNOW WHO CAN ACCESS YOUR CLOUD-STORED DATA.
Optimal data protection in cloud environments requires a “need to know” approach to data access. The fewer the people that can access the information, the smaller your risk of a leak or breach. In your work with your IT department, you should have developed a clearer picture of who can see what data. It’s time to use that to your advantage.
Apply strict access controls to all the data that you need to protect and pair that with monitoring tools that will generate alerts for unusual activity and an audit trail for forensic investigations. Then use those tools to stay current on what’s happening with your protected data.
Concerns around cloud data protection can be scary. There are some pitfalls enterprises must avoid. As you can see, however, those pitfalls are avoidable with the right combination of policy and enforcement tools, so don’t let fear, uncertainty, and doubt scare you away from the numerous competitive advantages the cloud can bring.
To find out more about why you need Cloud information protection, check out the following helpful resources:
Why Cloud Information Protection? Taking Control of Your Enterprise Cloud Data – download this free eBook to learn about why you need cloud information protection: To retain control of your data; to prevent data theft or leaks; to simplify the complexities of strict regulatory environments, and more…
Seven Steps to Protecting Your Cloud Information – This guide will walk you through the 7 steps and key actions toward a unified cloud information protection program to give your enterprise complete control over data integrity, protection and encryption.
How do you ensure data protection in the Cloud? Tell us your ideas in the comments.