Back in 2017, the cloud was declared to be “the new normal”. A survey revealed that 83% of enterprise workloads are expected to run from the cloud by 2020. This is no surprise. Even though cloud data security challenges are an ongoing concern, cloud security has a multitude of benefits.
- Centralization. A central trust service that keeps both the cloud and local systems secure.
- Reduced costs. No more hardware and large IT teams fighting cloud computing security issues and cloud data security challenges. Cloud security features proactive, automated protection round the clock.
- Reduced admin effort. No more manual security configurations and constant security updates. Your vendor takes care of all security administration.
- Accessibility. With tightened cloud security measures in place, you can access data and apps from anywhere in the world and from any device.
The uncertainties surrounding data security in cloud computing have been a major obstacle to cloud migration. “Is my data safe?” “Can I trust the security offerings of the provider?” “How about regulatory compliance?” Can we really assume that, if we work in an industry with enhanced privacy or security standards, our cloud computing app vendor has already developed measures that address our specific case? Multiple legal and ethical considerations come into play.
Cloud security also involves you
Cloud storage and security rely on the same basic tools and methods used to secure a network and data in any other environment. Instead of storing data directly on your device, cloud data is stored on servers and made accessible via an internet connection. According to Quentin Hardy, former Deputy Technology Editor of the New York Times, cloud data is “probably more secure than conventionally stored data.” At the same time, you are still responsible for the safety of your data.
Cloud data security is achieved through the implementation of technologies and policies similar to those of other IT environments. These technologies and policies are tailored to agile environments and certified by specialized third-party auditors making sure that the cloud vendor meets all necessary standards and regulatory requirements.
You have tools in place such as firewalls, anti-malware protection, intrusion prevention, integrity monitoring, and logging. On top of default vendor protection such as authentication, access control, and encryption, many companies opt for supplemental security measures to offset access to sensitive information in the cloud. Educating employees about cloud data security challenges along with the risks associated with sharing and storing information in the cloud remains the responsibility of companies.
Before moving to the cloud
Prior to handing over your assets to the cloud, an extensive risk analysis is in place. Take a step back to evaluate your in-house situation and cover the gaps in your security. Also, get information about the vendor to verify they can meet your specific needs. This applies especially if you are dealing with sensitive information such as health data.
A number of simple steps include:
- Create local backups. Do this either in an external storage device or another cloud storage, or both. This will help you handle unexpected data loss.
- Install anti-virus software. All cloud security will not help if your own system is not protected.
- Use unique, strong passwords and change them frequently. Educate your employees about their role in protecting company assets against security breaches. Make use of two-factor or even multi-factor authentication.
- Take a look at the security policies of your vendor and make sure they can withstand an audit.
- Use security tools to pick up the gaps in your vendor’s security measures. Identify the measures to be taken at your end. Use proactive protection that involves blocking, quarantining, masking, and threat analytics.
- Pick a vendor that encrypts your data.
- Regardless of vendor encryption, deploy comprehensive encryption solutions before moving your data to the cloud. You may want to do this even if your cloud provider already offers their own encryption.
- If possible at all, avoid storing any sensitive data. It is recommended to locate, define, and classify the sensitive data types. Then you can create policies based on the location of the data, an inventory of the data types that can go into the cloud and those that cannot. If storing sensitive data, you may also want to explore the possibilities for data anonymization.
- Secure the end-user devices accessing cloud assets with advanced endpoint security. Deploy firewall.
- Follow well-established and up-to-date security guidelines and best practices.
Protect your data in the cloud
Just because your cloud provider is fully compliant and has already taken care of all security measures does not imply that you should remain inactive. Once you have your data in the cloud, make sure you are thinking about the following items that will allow you to take ownership early on and become an active player in protecting your cloud data.
Safeguarding data integrity through authorization
Once on the cloud, you need to find ways to protect your data from deletion, modification, or unauthorized internal access. When you have migrated to a cloud environment, it becomes more difficult to trace the location of your data. You may not be able to monitor who does what and if they are authorized to do it. Things become even more complex if you are operating in a multi-cloud environment.
Authorization is necessary to safeguard the integrity of data through stricter access. This includes two-factor authorization as well as logging to monitor who has accessed what and at what time. A trusted platform module (TPM) for remote data checks is also an option.
Once you have located, defined, and classified the sensitive data types prior to moving to the cloud, you can use automated tools to discover where your sensitive data is. Major players such as Amazon Web Services and Microsoft Azure offer their own services to classify data by applying labels. But you can also make use of third-party tools such as Logikcull and Looker.
Local and international privacy laws protecting the interests of data owners make it necessary to take a second look at privacy. Some vendors may store data on servers not physically located in the region of the data owner. This can become an issue for companies tied by strict residency laws.
U.S. data residency laws include the Health Information Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), or the Payment Card Industry Data Security Standards (PCI DSS).
The General Data Protection Regulation (GDPR) applies throughout the European Union (EU). In addition, many countries in Europe have their own measures to make sure that sensitive or private data does not leave the physical boundaries of the country of origin. Examples include the United Kingdom Data Protection Law and the Swiss Federal Act on Data Protection.
Even though cloud service providers have many security tools and policies in place, data breaches originating in human error still persist. Taking measures to guard yourself against events such as hacked accounts, compromised passwords, or any other form of compromising security credentials should be high on the agenda. Keep in mind that something as trivial as a lost company laptop can lead to hijacking an employee profile and getting to the cloud.
The possibility of data loss or data tampering should also be addressed. You can protect yourself by distributing your applications and data across several zones and keeping your backup data in an off-site storage. Make sure you have policies in place to alert you in the event of any unusual activity such as deleting or copying huge amounts of data, or any other unusual compute activity.
Handling analytical data
Data security for cloud analytics is a key prerequisite for doing data science in the cloud. Analytical data is a specific data type within an organization that describes business performance. Unlike transactional data, which supports the daily operations of an organization, analytical data serves the purposes of decision-making, analysis, and reporting.
The cloud data science platform Repods handles large amounts of structured analytical data. This data, for the most part, consists of large customer lists, transactional lists, or production data. Non-business-decisive analytical data should be brought to the cloud first—you can protect your work by pre-aggregating the data or by using data anonymization techniques.
Data anonymization in the cloud
This is a well-established way to strengthen the security of your data. You can regard data anonymization as part of a privacy by design strategy that helps you to minimize risk and, in particular, guard yourself against personal data security breaches. This is also a great way to prepare sensitive data for analytics in the cloud without the ramifications of privacy concerns. On the downside, data anonymization is hard.
Strategies such as pseudonymization may not be sufficient to protect your sensitive data. And technological advances are making it easier to de-anonymize data that had previously been thought to be bulletproof. For that reason, many vendors now offer customizable functionalities. These enable customers to anonymize live data and do analytics on both personal and business-proprietary analytical data. Data undergoes multiple deidentification steps to become completely anonymized and ready for analytics.
How does the cloud data science platform Repods secure analytical data? Find out more in our security policy. For any questions related to cloud data security challenges and the protection of your analytical data in Repods, contact a member of our expert team.
To start using the platform and create your first compact data warehouse, sign up here.
Subscribe to our blog!
Stay up to date with the latest data science and IoT tips and news.