Data protection in the cloud: 3 best practices
The “Global DataSphere” is exploding in size. IDC predicts that by 2026, the amount of data in the world will have doubled again. While most enterprises have digitised their operations, they continue to add more strategic workloads and create more and more data. So, as the amount of data enterprises have to deal with grows exponentially, moving to the cloud based on an elaborated strategy offers significant benefits like scalability, flexibility and cost-effective storage.
But can this go on forever? Gartner expects total worldwide end-user spending on public cloud services will reach a record $592 billion this year, a 21 per cent increase from 2022. This rapid level of growth and migration raises some concerns at an enterprise level, with fast “lift and shift” migrations meaning best-practices for modern data protection aren’t followed. The Cloud security alliance (CSA) reported that 96% of companies say they have insufficient security for sensitive cloud data - so across the board we have a long way to go on this journey. Here are three best practices for enterprises to protect their data in the cloud.
1. Know your data
The first step to solving any problem is knowing what you're dealing with. Before you can protect anything, you need to know who’s storing what and where. Is everyone in the business using the same accounts? To make sure this is done right, IT teams often need to play detective or go on a journey of discovery across the business. To find these threads, it is often necessary to look through finances and collect invoices for cloud costs across the organisation.
When brought together, the amount of data kept by most enterprises, whether it was migrated over from on-premises or originally stored in the cloud, is vast. Humans are natural hoarders, and the digital world is no exception. While the “virtual garage” of the cloud can store endless boxes of data, locating everything is only half the battle. In order to know what data is mission-critical and sensitive, you’ll need to classify it. Automated data classification engines can help you sort through and organise - so you’re not blindly trying to protect everything to the nth degree. Once you know exactly what you have stored on the cloud (and where) only then can you start looking at how this data is secured.
As organisations face a fairly low barrier of entry to move data to the cloud, teams may not have prioritised the security and network processes that are required - if the migration happened too fast this can easily be the case. Similarly, because the cloud is a completely different environment to secure, things are often missed - there are lots of new service types that don’t always exist on-premises and many of these need to be protected and recovered in the case of attacks or outages. Examples of these include code in cloud storage, applications that leverage other cloud services and APIs provided in the cloud.
2. Know your responsibilities
A key issue is enterprises often not realising exactly what they’re responsible for regarding security and data protection in the cloud. There is a big gap in awareness of the shared responsibility model on which cloud security is built on. This means they assume the provider is responsible for certain security measures when in reality it's their job. While it does depend on the cloud provider, typically the provider is responsible for the security of the infrastructure and the physical facilities that host it. Securing applications, data and access to the environment, however, is the responsibility of the customer.
In practice, this means enterprises need to ensure they have backups of all critical and sensitive data stored in the cloud in case of breaches or outages. The best practice is to have multiple backups in different locations (e.g. one on-premises as well as a cloud copy) and have copies of data across different mediums, with at least one copy being kept offsite, offline and immutable - even better yet, all three.
The other core security responsibility that lies with the enterprise is controlling access and privileges. If every user of your cloud has access to God Mode, any breach is going to be devastating. Likewise, if you’re using a single account to do multiple different functions like protection and provisioning. The best practice is to ensure multiple accounts are used across the business, using access and identity management correctly across accounts and subscriptions so you can easily remove the failure domain in the case of a security breach. At a user level, ensure the principle of least privilege is being followed across the cloud environment so that people only have access to the resources and environments they need.
3. Keep it cost-effective
In all likelihood, putting the previous two principles into place will be a significant project for most enterprises. But the good news is the initial heavy lift to do so will not be required again on the same scale. However, to keep the cloud environment healthy and cost-effective long term, it's important to have cloud data hygiene processes in place.
Ensure you have a proper data life cycle process. Without it, the good work done initially will become ineffective and expensive over time, with the business paying to store and protect the wrong data in the wrong ways. Data needs to be on the right storage platform in the cloud - and this will change during its lifecycle. For example, it might move from block resource to object storage to archive storage. The costs associated with these are variable, so make sure you’re not storing (or backing up) data in inefficient ways.
This is one small part of avoiding eventual “bill shock” for cloud computing and storage costs. Beyond simple data, costs are API costs, data egress (transfer) and more. I always recommend enterprises have an established “cloud economic model” that they follow to prevent costs from piling up and ensure spending matches expectations. To use a real-life analogy, if you leave a light on or forget to cancel a subscription you no longer use, your monthly bills will be higher than expected. If this happens across an enterprise cloud environment, the total tally can be eye-watering.
As enterprises' (and the world’s) amount of stored data continues to grow over the next five years, the cloud is going to be a vital piece of the puzzle in managing this. Enterprises need to look beyond just storing and protecting their data and look at ways to utilise it and unlock value for their business and their customers. Doing this requires re-factoring for greater agility, but this will also mean the business is prepared for the ‘whatever’. Cloud computing is nothing if not dynamic, and will continue to evolve, with best practise bound to change. If enterprises become data-centric now, both on the cloud and on-premises, they’ll be ready for whatever the future throws their way.
-- Contact us at [email protected]
-
Integration of GIS and BIM can drive development of smart city Dr. Winnie Tang
The China Association for Geospatial Industry and Sciences (“the CAGIS”) released the Top Ten Highlights of China's Geographic Information Industry in 2023, which provides much inspiration. The
-
Equip young people for the future Dr. Winnie Tang
In late February, the inaugural flight of an air taxi from Shenzhen Shekou Cruise Homeport to Zhuhai Jiuzhou Port took only 20 minutes with an estimated one-way ticket price of 200 to 300 yuan per
-
Are we raising a generation of leaders, or of followers? Brian YS Wong
The essence of education is defined not by the facts it imparts, but the potential knowledge it inspires students to individually pursue on their own. Put it this way – the ideal form of education
-
The urgent need for reforms to sex education in Hong Kong Sharon Chau
Nearly one in every four university students (23%) in Hong Kong has been sexually harassed, according to a 2019 report published by the Equal Opportunities Commission (EOC). A 2019 study found that
-
STEAM should be linked to real life Dr. Winnie Tang
In the 2017 Policy Address, STEM (science, technology, engineering and mathematics) education was proposed as one of the eight major directions to promote I&T development. Since then, funding has
-
首屆「中華文化節」六月開幕 感受中華傳統文化多元魅力
-
Russia’s nightmare – loss of Far East
-
呈獻精彩絕倫的音樂盛會
-
非凡彩寶之旅 Winston Candy & Winston Kaleidoscope系列
-
My Brief Remarks – at the HKS China Conference
-
The perils of self-censorship
-
中華文化節2024系列~八台戲曲亮相中華文化節 新編粤劇《大鼻子情聖》打響頭鑼
-
DIOR MEN Fall 2024~Effortless Chic流麗衣櫥
-
伊藤詩織:紀錄片是改變的一部分
-
WALTER ALBINI 意大利時裝的無名英雄