Data Security in Cloud
Cloud computing is growing phenomenon as organization realize the importance cloud has in regards to data storage other than the ones which are sensitive in nature. As cloud computing platform and applications are being preferred by business in their day to day operations it is also growing more complex, in terms of securing the data being stored and managing the same. The 2018 Gemalto study says that cloud platform usage will increase upto 87% in coming years.
Cloud platform usage is also giving rise to complexity in securing the data and following compliance while securing the same data. Usage of cloud resources increase the risk of compliance one of the key finding of the study as managing data privacy and protection regulations in cloud environment is more complex than on premises.
73% of respondent in the survey said that organizations are at a risk as they face the challenge when they are unable to secure the encrypted data in cloud. While the challenge lies in the ability to protect the sensitive data in cloud says 57% of respondents and also being more careful in sharing information to third parties.This also give rise to the question as to who is in charge of protecting the data in cloud.
The survey results also revealed that respondents are of mixed opinions regarding who should be in responsibility for protecting the sensitive and confidential data in cloud. Fewer respondents said it is a shared responsibility, and rests are of the opinion of dividing the responsibility with cloud provider and cloud users. Only 46% say their organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.
Data at Risk in Cloud
IT professionals have increased the usage of cloud resources not only for storing data but also for processing that data for further usage. This means data in cloud can be accessed by anyone within the organization and also outside .This puts the data at risk not only from internal sources but from external sources which can be ranging from hackers to third parties.
This data can be anything from client and customer’s personal information, payment details and related information which they provide when making any important transaction. This data also include sensitive information related to the organization. Hackers are constantly on lookout for such sensitive data and getting access to cloud infrastructure which include exploiting its fertile environment to reap in profits.
The year 2018 gave innumerable examples of data leakage most of which are from cloud platform. One of them is the massive data leak of sensitive data of FedEx customers happened due to Tesla’s cloud servers infected with Monero miner. The number of sophisticated tools and techniques that has been applied to attack cloud infrastructure has increased in the past one year.
Challenges to Data Security in Cloud
The Gemlato survey in 2018 revealed that conventional security is not enough for cloud considering the infrastructure and platform of cloud computing since 50% IT professionals in organizations are not confident about all of cloud services being used in their organization.
Managing data privacy and data regulation in cloud is complex in nature then on premise. This leads us to the fact that organization needs to have a proactive approach towards protecting their sensitive data in cloud. This has to be followed with managing compliance and data protection regulation in cloud platform.
Within few years new method of attack will continue to evolve which will pose serious challenge to cloud infrastructure. This will requires organization to be more careful while sharing sensitive data to the third parties in cloud environment. One of the key challenges faced by organization is management of user’s identity in cloud platform. This also puts sensitive data at risk.
While a 63% employees surveyed said that their organizations have third parties accessing their data in cloud. Previously systems were in premise and data centers were provided with secure access. Moving to cloud and giving access to cloud data means having a greater visibility on the data by third parties which can include vendors, customers and partners etc. This also increases the chances of people with malicious intent to get access to this very data and exploit for personal reasons creating data vulnerability.
The survey revealed that the ability to encrypt data is important which will be growing up in the coming 2 years’ time. On an average every companies have management platforms as well as applications that require encryption. The research says only 47% encrypt to secure their sensitive data in cloud and 52% IT professionals revealed that their organization control the keys when data is encrypted in the cloud. But this encrypted data is also at a risk because companies are neither storing nor centrally securing the keys. Therefore securing the keys pose a severe challenge for organizations as the keys have the potential to unlock every encrypted data and secured information.
Multi factor authentications are used by organization to secure their data in cloud platform and provides IT security teams with broad visibility into access across multiple applications.But only 53% of employees surveyed said that their organization uses multifactor authentication to secure data in cloud. Considering the threat environment this is comparatively less.
Safeguarding the data in cloud and managing the same is also another task as respondents say that protecting sensitive data in cloud is a shared responsibility. The survey revealed that on an average, 53% of corporate data stored in a cloud environment is not managed or controlled by the IT department. While 49% say that cloud services make it more difficult to protect confidential or sensitive information.
Key Take Away From the Study
The study recommends that organizations need to take more measures and place greater emphasis on stronger data protection in cloud premise. This also includes deploying more of cloud based services like encrypting or tokenizing sensitive data, maintain control and ownership of encryption keys ,storing keys securely in hardware and separately from encrypted data.
Applying multi factor authentication to control access to cloud based business applications came up as a key recommendation.
Educating employees on security set up comprehensive policies for data governance and compliance is a one of the key initiatives organization must be doing on regular intervals. This will require imparting training to employees.
The next step is creating guidelines for the sourcing of cloud services including IT security in the process. Specific rules for securely storing data in the cloud and ensuring that rules are adhered to the security of such sensitive data in cloud is followed. 51% of the surveyed also revealed that it is difficult to control or restrict end users access to data in the cloud.
Therefore creating a robust security surrounding cloud infrastructure which includes improving compliance with regulatory mandates in the cloud by enabling IT departments to centrally manage data protection solutions across the organization.