If you haven’t moved at least some of your data to the cloud, you will. It’s inevitable at this point. Even the most highly secured organizations have some of their data on the cloud.
What happens when that data is accessed? Is it still protected? Using data-centric security alongside CASB solutions helps secure sensitive file consumption in cloud environments. Not only can you control the different levels of security for various cloud data access channels, but also get visibility about how the data is being accessed and used – all while helping to prevent anyone at the cloud provider from viewing your files.
You need to control who, what, when, where, and how data is accessed from all your sites, cloud or not. Even if the document generally resides in a secure environment, it may not be accessed from the same place all the time, and not all places are equally secure. Data-centric security means that when someone attempts to “consume” protected data, policies remain in place, ensuring that access is based on the data consumption context within clearly defined parameters.
Files on the cloud need to be protected from the cloud vendors themselves. Files uploaded to cloud storage are protected with dynamic classification and encrypted using organization keys, preventing data access by the cloud storage team or any third party in event cloud storage access is breached.
Data-centric security technology ensures that files are automatically encrypted or decrypted during the upload and download process – and only when they are downloaded to secure environments and devices.
While we all acknowledge that data is everywhere, finding it should not be a treasure hunt. Data movement monitoring is critical. You need complete visibility of files and documents over the entire usage life cycle, on premise and in the cloud, no matter what the document format or application. You need to be able to get and report on audit data about how, by whom and where the files are used/shared/stored without any disturbing the end users.
Policy control is a key component of all data protection; you need to be able to automatically adjust encryption and authentication to your organization’s best practices. You also need to ensure that you can secure, manage and control basic operations like what can be printed or copied.
Cloud Access Security Brokers are doing a great job. They are allowing you to extend network protection into the cloud. Just make sure you supplement that protection with data-centric security for before and after your data’s on the cloud.