Cloud Security Focus Shifts to Data Protection
This blog post is the first in a series on Data Protection issues and practical solutions.
When companies began moving to cloud computing solution, a great deal of time and anxiety was spent on security. For most considering the move, the questions were basic: Will my vendor access my data? Will my vendor prevent unauthorized access to my data? How secure is my connection to my data? With the maturing of security standards (SSAE-16, ISO 27001, FISMA, and others), these fundamental questions are less of a concern to most businesses. Top tier providers not only create secure infrastructures, but build commitments to customer data security and integrity into their contracts, Terms of Service, and Service Level Agreements, or SLAs. That said, security in the cloud requires thought and planning. In addition to basic access concerns, organizations need to be as vigilant with cloud-based data as they are with in-house data when it comes to data integrity, exposure, and loss prevention. Holistically, the focus should be “Data Protection”. As we look at Data Protection in this blog series, we will focus on the areas of greatest risk to your data:
- User Identity and Account Security
- User Actions — accidental and malicious
- Data Leaks /Permission Errors
- Rogue Applications
For each of these issues, we will look at how the risks change (or not) when data is in a public cloud service, as well as practical solutions for mitigating the risks.