The latest debacle, in which the data of millions of Facebook users was left exposed on Amazon's cloud computing servers, has surely startled people and brought the issue of data security in the cloud into the limelight again. Over 540 million user records stored on AWS servers, including account names, comments, likes, email addresses, etc., were allegedly leaked by Cultura Colectiva, a digital platform. The Pool, a third-party app, made public the photos, interests and even passwords of 22,000 users, as revealed by UpGuard, the cybersecurity firm that found these two data breaches. Both were using Amazon cloud servers as their storage platform.
Though AWS is not responsible for the data stored on its servers, this is frightening for sure, and it clearly shows the results of poor data management and security by sloppy data custodians. But adopting cloud computing is the obvious way to put your business on the fast track of digital transformation. The only way to ensure that your data is secure and well protected in the cloud seems to be a comprehensive cloud strategy and compliance with it. Let's first revisit the key aspects of data security in the cloud to understand it and its importance.
Regardless of the cloud computing choice, whether a public cloud, a hybrid cloud or a private cloud solution, the data must be protected from unauthorized access. That includes encrypting the data and carefully controlling who views and uses it. Sometimes granting access is inevitable, such as when developers need to harvest data to make a product better or need to test an application. In such situations, data reduction solutions can come in handy, and the Oracle data reduction tool is a popular one trusted by many in the industry.
But data privacy initiatives should start with discovering sensitive data, defining and classifying the data types, and finding the locations where the sensitive data resides. Even better, determine before the cloud migration exactly how much of this sensitive data should leave the premises and be sent to the cloud, to remove the risk of a future data breach altogether. AWS has Macie and Microsoft Azure has Azure Information Protection (AIP), and there are plenty of third-party tools such as Tableau, Fivetran, Logikcull, and Looker, to locate and classify sensitive data.
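The discovery and classification step described above can be sketched as a small pre-migration scan. This is an added example, not code from the original article or from any of the tools it names; the regular expressions, label names, field names and sample rows are assumptions constructed for illustration, and a pattern scan like this is far simpler than a managed classifier.

```python
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SECRET_FIELDS = {"password", "passwd", "secret", "api_key"}  # assumed field names

def luhn_ok(digits):
    """Payment card checksum; rejects arbitrary long digit runs (order ids etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify_value(field, value):
    """Return the set of sensitive-data labels that apply to one field value."""
    labels = set()
    if field.lower() in SECRET_FIELDS:
        labels.add("credential")
    text = str(value)
    if EMAIL_RE.search(text):
        labels.add("email")
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            labels.add("payment_card")
    return labels

def scan(records):
    """Map each field name to the labels seen in any record."""
    report = defaultdict(set)
    for record in records:
        for field, value in record.items():
            report[field] |= classify_value(field, value)
    return {f: sorted(labels) for f, labels in report.items() if labels}

def fields_cleared_for_cloud(records):
    """Fields with no sensitive hit: candidates to migrate unchanged."""
    all_fields = {f for record in records for f in record}
    return sorted(all_fields - set(scan(records)))

# Constructed sample rows (not real data).
SAMPLE = [
    {"user": "alice", "contact": "alice@example.com", "comment": "great post",
     "password": "hunter2", "note": "card 4111 1111 1111 1111 on file"},
    {"user": "bob", "contact": "n/a", "comment": "order 1234567890123456 shipped",
     "password": "x", "note": ""},
]

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(fields_cleared_for_cloud(SAMPLE))
```

The free-text `note` field is flagged because it embeds a card number, while the 16-digit order id in `comment` fails the checksum and is not.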
Data integrity means maintaining the consistency and accuracy of data by preventing any unapproved alteration or deletion. This is simple for a single database with a single point of entry and exit, but it becomes much more complicated to implement in the cloud, especially in a multi-cloud environment. Here authorization becomes critical for controlling who has the privilege of accessing the data and interacting with it. Two-factor authorization, and overseeing actions such as who has logged in, accessed the data, or modified it, are some effective means of protecting the integrity of the data. Trusted Platform Modules, which allow for remote data checks, are also very useful for preserving data integrity.
In a cloud computing system, some amount of data is accessible to everyone because of the nature of the business. In fact, data availability and latency are among the compelling reasons to migrate a business to the cloud. So, to ensure data security, multiple sets of data accounts can be set up, each with its own set of permissions, to control data access. This helps to limit privileges to the people who need to see the data, and to the part they need to see, or to allow them to make modifications as decided by the organization.
When signing the service level agreement (SLA) with your cloud provider, consider the details carefully, as your mission-critical data is going to be stored on third-party servers. In particular, the SLA should include a provision for determining the location where the data is stored. AWS lets you know the region where your data is stored, which can be crucial for maintaining compliance and response time.
Each cloud service provider has different policies and business benefits. AWS, for example, provides 99.99 percent availability for stored objects, whereas Microsoft Azure offers 99.9 percent availability for the major Azure storage options. Each is suited to different purposes: rarely used data can be stored in Amazon's Glacier, the best place for your unstructured data is Microsoft's Azure Blob storage, and Google Cloud's SQL is perfect for MySQL databases.
Stringent data privacy laws are being introduced around the world, while data may originate in one place, its owner may reside in another, and the data may be stored in yet another region or country. So in the case of a data leak or data breach, matters become complicated. Most of the time cloud service providers waive responsibility and the liability falls on the customers, who therefore have to be well informed of the data protection and privacy laws that concern their area of operations.
The US alone has the Payment Card Industry Data Security Standards (PCI DSS), the Health Information Portability and Accountability Act (HIPAA), the International Traffic in Arms Regulations (ITAR) and the Health Information Technology for Economic and Clinical Health Act (HITECH). In addition, there is Europe's General Data Protection Regulation (GDPR) with its stringent rules and huge penalties. There are also the UK Data Protection Law and the Swiss Federal Act on Data Protection, and many countries in the European Union insist that sensitive and private information should not leave the territory or the country where it originated. There are also the Russian Data Privacy Law and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
Many sophisticated data encryption techniques are employed in the cloud. Mostly, cloud service providers that use key-based cryptographic algorithms store the keys themselves, but cloud-based CRM apps like Salesforce and Dynamics use security tokens rather than keys, replacing the sensitive data with non-sensitive token elements.
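Token substitution as described above, shown as an added example that is not from the original article and not how Salesforce or Dynamics implement it: the `TokenVault` class, the role names and the sample record are hypothetical, and the in-memory dictionaries stand in for a vault kept outside the cloud.

```python
import secrets

class TokenVault:
    """Hypothetical vault kept outside the cloud: maps random tokens to real values."""

    def __init__(self, authorized_roles):
        self._by_token = {}
        self._by_value = {}
        self._authorized = set(authorized_roles)

    def tokenize(self, value):
        # Reuse the token for a repeated value so joins and lookups still work.
        if value in self._by_value:
            return self._by_value[value]
        # The token is random, so it reveals nothing about the value it replaces.
        token = "tok_" + secrets.token_urlsafe(16)
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token, role):
        # Only callers holding an authorized role get the original value back.
        if role not in self._authorized:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._by_token[token]

def prepare_for_cloud(record, sensitive_fields, vault):
    """Return a copy of the record that is safe to store with the provider."""
    return {
        key: vault.tokenize(value) if key in sensitive_fields else value
        for key, value in record.items()
    }

# Constructed sample record (not real data).
RECORD = {"account": "alice", "email": "alice@example.com", "likes": 42}

if __name__ == "__main__":
    vault = TokenVault(authorized_roles={"billing"})
    stored = prepare_for_cloud(RECORD, {"email"}, vault)
    print(stored)
    print(vault.detokenize(stored["email"], role="billing"))
```

Unlike ciphertext, a token has no key that decrypts it; recovering the value requires access to the vault itself.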
Cloud service providers have always encrypted data in transit, and most of the time this is implemented through browser interfaces. A few cloud service providers, such as Mega and SpiderOak, do it with a dedicated client instead. Many cloud service providers also allow customers to hold the encryption keys under key management solutions, with the customers controlling access.
Encrypting data in transit is not enough on its own; the protocol over which the data is transferred should provide confidentiality and integrity as well. Data must be decrypted for processing, and indexing and searching are not possible on data at rest while it is encrypted. Though data tagging is used to prevent unauthorized access to commingled data, application vulnerabilities may still lead to data leakage. There is also a lot of confusion around encryption key management, along with failure to implement an integrated policy and to ensure people's compliance with it regarding data security in the cloud.