By Salah Nassar, Vice President of Marketing, CipherCloud
How it all started
We all love Box. Box makes cloud collaboration better and is a key business consideration for organizations to begin their journey into cloud adoption on the ever expanding digital transformation initiatives. In fact, many organizations began their cloud app initiatives as lines of business forced the issue by adopting collaboration apps, with Box. It was those pesky lines of businesses (LoB) that began uploading internal confidential data on Box. This behavior is the beginning of exposure, risk, and data breaches became major issues.
Out of sight out of mind
Every organization has a lot of data in the cloud. How much you may ask? Many organisations know by the % of space they have occupied on their Box account. That answer may be good enough until you need details such as, how much sensitive data is there? What kind of sensitive data is there? Are any of those files infected with malware? Who has access to this data? How much of this data has open shares? Is the data accessible to non-employees? Has sensitive data been leaked? Can you remove access to the data itself even after it’s been shared? Can you answer these questions for all your cloud apps?
Here are some easy steps that can be taken to secure data and access to data:
Get complete historical scans – data and threats
Files pile up fast. Add a few hundred or hundred thousand users and you have terabytes of data living in the cloud. Before going full throttle with real-time data scanning and threat prevention solutions, it is important to deploy cloud data discovery solutions that scan the data residing in the cloud, identify sensitive information related to PII, PHI, PCI, HIPAA and more, and assess them against critical security metrics and latest data compliance laws to preserve data integrity and prevent sensitive content exposure.
Protect your data – at rest and in motion
While cloud-based services provide the agility, scalability, and cost savings that organizations need to stay competitive, they also create new security challenges and risks as sensitive data moves across the extended, multi-cloud ecosystem. Legacy data protection solutions tend to be cumbersome and inefficient for the cloud-mobile environment. The best way to secure the data moving in and out of collaboration apps, such as Box, comes from the data protection solutions offered by Cloud Security Access Broker (CASB) solutions. CASBs enable data-centric security and protect the data at rest and in motion with inline DLPs and data encryption solutions. Further, users can securely download the data from their Box account and share it offline with CASB’s native digital rights management.
Ensure configurations are enforced
Behind every successful data breach there is a security misconfiguration in the cloud. Unfortunately the traditional security measures are a complete mismatch in the cloud environment and the ever growing cloud usage makes it impossible for the IT security team to manually audit all the security configurations across all subscriptions. A small security oversight, one open link share and your Box cloud becomes a breeding ground for breach. Smart problems require smarter solutions. Cloud Security Posture Management (CSPM) performs a deep assessment of your Box account against well-defined security and compliance guidelines, providing a comprehensive view of potential data risk exposures. With CSPM, organizations can enforce security best practices and reduce the operational complexity of managing configurations across multiple cloud accounts.
To understand how to enable deep visibility, adaptive controls and continuous governance of sensitive data in Box and other collaboration apps, attend this live webinar on February 20, 2020 at 9 AM PST. The webinar will focus on:
- 360-degree visibility into user activity – files upload/download, instant messaging
- CASB+ Information Protection, for detecting and protecting sensitive information or file shares containing PHI, PCI or PII information
- Applying digital rights management for data protection during downloads and offline shares
- Enabling consistent policies for emails, files and messages, meeting global compliance and data residency requirements