How to focus cloud-centric organisations’ data protection
Article by Bitglass CTO Anurag Kahol.
Formulating an effective data protection strategy to support the adoption of remote work and cloud infrastructure is becoming increasingly urgent for many organisations.
In working to mitigate risks and build robust processes, IT leaders face a range of challenges. Getting the priorities right is key to overcoming issues as varied as data leakage, compliance and access control, all while maximising user experience.
But where should they start? And what are the main data protection challenges that can threaten the integrity, management, and security of distributed data?
Challenge 1: Removing the risk of hidden data loss in encrypted traffic
When workers were in the office and connected directly to the company network, data and applications resided in central data centres, encrypted traffic was limited, and, as a result, on-premises security solutions were sufficient.
However, with broad cloud adoption, the use of the web, and widespread adoption of remote working, encrypted traffic has shifted from the exception to the rule. If current data protection solutions don’t identify and control sensitive data in encrypted traffic, they will miss the majority of sessions in which data exposure is a possibility. This can potentially leave the organisation vulnerable to data loss and breaches.
Solution: Stolen data is often disguised and sent uninspected through SSL. According to a recent Google Transparency report, 95% of traffic is encrypted and therefore not subject to inspection by traditional DLP solutions. This is potentially disastrous: partial inspection of traffic means sensitive data passing through may be missed, leaving businesses vulnerable to data loss.
Consequently, organisations need cloud and web security solutions that can inspect every byte outside the network and beyond the scope of legacy technologies. With this approach, they can ensure that data within encrypted traffic is secure.
Challenge 2: Closing gaps between data protection services
With the move to the cloud, data is distributed across diverse SaaS, IaaS, web and on-premises environments. So naturally, each of these needs effective data protection.
As a result, organisations are increasingly adopting the following technologies and solutions:
- Cloud access security brokers (CASBs) to secure managed SaaS applications and IaaS platforms
- Cloud security posture management (CSPM) to scan IaaS instances for costly misconfigurations
- Secure web gateways (SWGs) to secure the web and unmanaged apps
- Zero trust network access (ZTNA) to secure residual on-premises resources as they are accessed remotely.
However, this complexity makes data protection uniformity and solution management challenging and can waste time and money while creating gaps in visibility.
Solution: Unified protection, in which a consistent level of security is provided to all interactions across ecosystems, can be achieved by adopting a comprehensive security platform built in and delivered through the cloud.
Today’s market-leading technologies can monitor data in transit and at rest within IT resources through capabilities like cloud DLP and ATP. Consistent, easily managed security across all interactions is key.
Challenge 3: Avoiding poor user experience
With workers and resources moving off-premises, a significant element of core infrastructure is now the internet itself. One downside of this shift, however, is that it limits IT’s ability to anticipate, identify, and mitigate issues with its legacy security stack.
Additionally, when most services, solutions or applications used by workers are out of the organisation’s control, it becomes more challenging to ensure that employees have a good user experience and maintain productivity while data stays safe.
Solution: Many appliance-based security offerings require traffic to be backhauled to a central data centre, creating bottlenecks and causing latency — directly impacting user experience and productivity.
A platform that embraces the concept of secure access service edge (SASE) puts data security as close as possible to the user, reducing latency and significantly improving the user experience.
Challenge 4: Eliminating compliance violations across the cloud
Failing to meet and maintain required industry regulations can result in significant fines and even loss of business. In addition, with data distributed across SaaS, IaaS, the web and devices with remote access to enterprise networks, visibility is reduced — potentially putting organisations at risk.
Solution: By obtaining unified visibility and control across the entire IT ecosystem, a range of key compliance standards (PCI DSS, HIPAA, GDPR, and others) can be met, minimising the risk of compliance violations in today’s complex environments.
This is done through integrated platforms that boast various functionalities (DLP, IAM, CSPM, and others), ensuring that specific regulatory requirements are addressed.
Organisations can embrace digital transformation with confidence by including these crucial considerations in data protection strategy planning and execution. In doing so, they can close gaps between data protection services, minimise risk, achieve compliance, and deliver a consistently strong user experience.