You’re in the Cloud—What Is Your Last Line of Defense against Threats?
A century ago, oil was the most valuable commodity. In this age of digital transformation, data has inarguably become the most important commodity, with limitless uses and the potential for a huge impact on our society. Companies that control their data have a distinct market advantage over their competitors and can become leaders of the world, just as the oil barons did 100 years ago.
The big difference between oil and data, however, is that theft of oil was never as easy as theft of data is today. That is why chief information, chief information security, and data protection officers (CIOs/CISOs/DPOs), along with other top technology leaders, readily admit that data protection and security is a top concern for them, especially as they move their data to the cloud. The numbers support this claim: global security spending is expected to exceed $124 billion in 2019.
So, we know data is power. With great power comes great responsibility! A huge part of this responsibility is to protect the data and prevent data breaches. A company moving its data to the cloud can’t shirk its responsibilities around data protection. In fact, I recently wrote about the shared responsibility model in the cloud, where enterprises are still fully responsible for protecting their data in the cloud. The obvious next question, of course, is: what is the perfect way to protect your data?
Is there a perfect defense against cyber criminals and cyberattacks? The answer, unfortunately (and as you may already realize), is no.
Having said that, while identity management, firewalls and access control are essential to all data security initiatives, encryption of data is one of the most important measures as well as the “last line of defense” against cyberthreats.
What Is Encryption?
In the simplest terms, encryption is a process of protecting data by using a “secret code” to scramble it so that only people with an authorized key can read it. In other words, encryption prevents people from reading what they should not. Even if someone intercepts your messages, the encrypted data is meaningless without a key or a password. While encryption cannot protect against all cyberattacks, it makes data theft a much more difficult task.
Why Is Encryption the Last Line of Defense?
Encryption not only protects your data, it also protects your reputation and protects you from big fines: many laws that require reporting a breach to consumers make an exception for stolen data that is encrypted, because it has been rendered useless to an unauthorized reader.
While the treatment of encryption under various rules and regulations would require its own blog, to get you started, I do want you to understand what type of data can and needs to be encrypted.
What Data Needs to be Encrypted?
With cloud solutions, data needs to be protected in two states: data in motion (when being transferred) and data at rest (storage).
Data in Motion
This is data actively moving from one location to another, such as across the internet or from on premises to the cloud. One recent study suggests that 81.8% of cloud service providers encrypt data in motion when it is transferred between the user and the cloud service. This means that a significant amount of data is still being transferred without adequate protection. If your data falls into that unprotected category, you should immediately start looking for solutions to rectify this problem.
Data at Rest
This is essentially data that collects or is stored in one place, such as databases, files, and storage infrastructure. Only 9.4% of cloud providers encrypt data once it’s stored in the cloud. If you are one of those companies that have never thought about encrypting your data at rest in the cloud, you should start thinking about it because of the following categories of threats:
- Threats from attackers
- Threats from rogue insiders
- Threats from government use of subpoena or warrant to get access to your data without your knowledge
To protect data at rest, you can either encrypt sensitive files before storing them or encrypt the storage drive itself. Besides encrypting the data, you also have to identify an appropriate key management strategy. Because keys are used to decrypt the data, whether you manage your own keys or let the cloud provider or a third party manage them can have significant implications for your overall security posture.
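The first option, encrypting a file before it is stored, with the key kept by the data owner, can look like the following. This is an added example and not code from the original article; AES-256-GCM, the envelope (data key wrapped by a key-encryption key) layout, and the names `encryptForUpload` and `decryptDownload` are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

// AES-256-GCM with a fresh 12-byte nonce; output layout: nonce | tag | ciphertext.
function seal(key, plaintext, aad) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce).setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverses seal(); throws if the key, the data or the aad do not match.
function open(key, sealed, aad) {
  if (sealed.length < 28) throw new Error('sealed blob too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28)).setAAD(aad);
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Encrypt before upload: a one-off data key (DEK) encrypts the file, and the
// DEK is wrapped under the key-encryption key (KEK) that stays with its owner.
function encryptForUpload(kek, objectName, data) {
  const dek = crypto.randomBytes(32);
  const aad = Buffer.from(objectName); // binds the blob to its object name
  return { wrappedKey: seal(kek, dek, aad), ciphertext: seal(dek, data, aad) };
}

// Only a holder of the KEK can unwrap the DEK and read the object.
function decryptDownload(kek, objectName, blob) {
  const aad = Buffer.from(objectName);
  return open(open(kek, blob.wrappedKey, aad), blob.ciphertext, aad);
}

// Constructed sample: the KEK is generated locally and never uploaded.
const kek = crypto.randomBytes(32);
const record = Buffer.from('constructed sample: customer record 1001');
const stored = encryptForUpload(kek, 'crm/1001.json', record);
console.log(decryptDownload(kek, 'crm/1001.json', stored).toString());
```

Only `wrappedKey` and `ciphertext` reach the storage service, so whoever holds the KEK (you, the provider, or a third party) decides who can read the object.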
Summary of Best Practices for Your Encryption Strategy
Now that you’re prepared to protect your data like oil barons protected their oil, you should take the following steps to ensure that your encryption strategy is foolproof:
- Understand all the data you have and what data you will be moving to the cloud.
- Outline your security and data protection goals. This means that you have to decide whether you need to encrypt all the data or only sensitive data (this decision will be guided not only by your business needs but also by legal and regulatory needs).
- Make a plan for encrypting your data in motion and data at rest.
- Identify a key management strategy.
- Implement the appropriate solution to meet your complete encryption strategy.
Every minute you’re facing millions of cyber threats. Every minute you’re closer to a breach that may ruin your reputation forever or rob you of the most valuable resource you have in this age of digital economy. So, to protect your data empire, you should be aware and prepared with your last line of defense—encryption.
Understanding the encryption and key management services available to you will put you on your way to preventing data breaches and unauthorized data access. Be on the lookout for the next article, which discusses the issues around key management in detail.
• Contact me here and on @rashimitt