Don’t ignore the security risks of limitless cloud data
Over the past two decades, technology has evolved to make it easy and affordable for companies to collect, store and use massive amounts of data. From AWS to Google Cloud to Snowflake, even startups and small businesses can quickly establish a mature data practice and use unprecedented amounts of information to inform and streamline operations.
The exponential growth in our ability to manage and use data has provided tremendous benefits to business and society alike. But this endless sprawl comes at a cost: As each organization’s collection of data has expanded wildly, its security measures haven’t kept pace. Sensitive data is going unnoticed, unmanaged, and unprotected, putting it at risk of theft.
We will never go back to our previous data and security postures, as cloud computing and storage have made it possible for every organization to become an intelligent, AI-backed tech company. Instead of trying to get this wild horse back into the stable, we must make sensible changes to the ways in which we store and use valuable data in the cloud. Our sensitive data must be accounted for and protected, and the security industry and public sector must work together to establish technologies and strategies to ensure proper data management.
A new need for data-centric security
Before the cloud revolution, security teams focused on physical premises — on establishing a perimeter around a physical data center and protecting that perimeter. Storing and managing data was simple because it was literally in the next room or building. But the days of a defined perimeter are over, and businesses must evolve from protecting infrastructure or premises to instead protecting the data itself.
The challenge here is that data is infinitely more complicated to secure. In our world of endless data sprawl, sensitive information is constantly being moved, copied, and changed. Even when valuable data is secured properly, that security posture doesn’t travel with the data when it’s copied or moved. Legacy security tools built to secure one asset in one place are not capable of keeping pace with petabytes of cloud data that are constantly shifting shape and location.
Moving targets require moving controls
The goal of cloud data security isn’t to lock down data and ensure that it can never be moved or changed. Cloud data security is about helping an organization use the cloud effectively, taking advantage of the speed and scalability of cloud computing while maintaining reasonable and effective access controls.
As cloud architectures have grown and evolved, so too have the principles of access management; we’ve seen an entire industry, identity and access management (IAM), emerge as a result. Cloud data is a difficult challenge for IAM, and data access tools often struggle to answer the question, “What happens when the data moves?”
The biggest security problem facing organizations today is the fact that their access controls don’t stick with their data when it is copied, moved, or edited. Protecting sensitive data will require a fundamental change to the way we think about data as it moves throughout cloud environments. Instead of just looking at the data in a single moment in time, we must look at the data and the access control policy that surrounds it — where it’s been, who has accessed it, every relevant detail of context.
Why data context is the missing ingredient
Data context doesn’t just encompass the security posture. Understanding the context surrounding data also helps us to recognize which data is sensitive and which isn’t. Is it worth it to frantically patch a “severe” endpoint vulnerability if the endpoint doesn’t contain any data that could affect the business? Will you wish you had paid more attention when a low-priority vulnerability turns out to be attached to source code or customer data?
As we pivot for the future of data and cloud computing, we need to ensure that every organization achieves two standard practices. First, each organization must have a clear, well-organized catalog of its data that includes context: to what extent the data is valuable and what protocols are being used to defend it. Second, we must ensure that the data itself and the context surrounding it remain stable even as that data is copied or transferred.
Understanding the importance and value of each dataset makes it possible for security teams to prioritize their efforts. Maintaining security controls as data moves throughout the cloud ensures that the efforts of our security teams aren’t wasted. These two best practices will allow organizations to move confidently and embrace the benefits of big data and cloud computing. Anything less puts their company and their customers at risk.