Most business and IT leaders today recognise the value of the cloud to create more resilient, scalable, and versatile organisations. Unfortunately, the perception persists that the cloud is inherently less safe than on-premise solutions and that it’s just a risk that organisations have to take to stay competitive.
However, that’s not always the case. When implemented correctly, using modern-day best practices, the cloud can be a secure home for your sensitive data. It can even improve security, particularly in remote environments, by promoting compliance and removing the burden from the user.
Why Move Sensitive Data to the Cloud?
Global cloud spending is predicted to reach $544 billion by 2022, a YoY increase of 20%. Obviously, there must be a significant impetus for organisations to invest so much into this one facet of their tech ecosystem.
Here's why organisations are moving their sensitive data to the cloud:
- Complete push to cloud: For many companies today, most of their operations already take place at least partly in the cloud. However, many organisations have kept their sensitive data in offline silos. Now, organisations want to bring their sensitive data onboard as well to maximise the wholesale benefits of the cloud.
- Cost optimisation: Running physical data centres purely for sensitive data often doesn’t make sense in terms of economies of scale.
- Deliver innovative services: Cloud platforms today have invested in making cutting-edge technologies, like AI, machine learning (ML), and Big Data, highly accessible.
- Retire existing cloud commit: Optimising costs by unifying their cloud systems with the inclusion of sensitive data.
Why Not Just Leave Protecting Sensitive Data to Cloud Service Providers?
Cloud Service Providers (CSPs) have a massive incentive to invest in cloud security to outcompete each other. Names like Google (GCS), Microsoft Azure, and AWS have far more capital to invest in developing native security than the average business. In a way, organisations can leverage security infrastructure far beyond their means by using cloud services.
That said, individual organisations are still ultimately responsible for securing their sensitive data in the cloud by using these tools and frameworks effectively.
For organisations today, these are the most pertinent threats when it comes to sensitive data in the cloud:
- Nation-state
- Malicious Insiders
- Human Error
Organisations also need to ensure that they are compliant with various security mandates like GDPR and Schrems II.
The final reason organisations should pay attention to how they secure sensitive data in the cloud is to uphold their digital sovereignty. This is so that organisations maintain control over their digital destiny and how they can use and leverage these digital assets.
There are three main pillars of digital sovereignty:
- Data sovereignty: Being able to deal with the threats of nation-state subpoenas, mandates like GDPR, etc.
- Operational sovereignty: The ability to protect data against bad actors, like hackers, cyber criminals, malware/ransomware, etc.
- Software sovereignty: Control access and how you use data, e.g., avoid vendor lock-in and be able to migrate data when and how you please.
Ensuring Digital Sovereignty - Discover, Protect, Control
The following is a simple yet effective and universal framework for exercising digital sovereignty:
Discover
You can’t protect data if you don’t know that it exists, what it is, or where it is. So, the first step is to identify your data, the risk profile, the applicable compliance and governance mandates, etc.
This may seem trivial and obvious, but only 54% of organisations know where all their sensitive data is stored.
It’s also inefficient to lock down all data. So, organisations should take the time to organise data into sensitive and non-sensitive categories and implement security policies accordingly.
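As an added illustration of the Discover step (not code from the article or from any vendor), the following sketch scans data stores for two kinds of sensitive values and labels each store so that a policy can be applied accordingly. The sample data, the store names and the policy names are constructed assumptions.

```python
import re

# Constructed sample data (not from the article): store name -> text values found in it.
SAMPLE_STORES = {
    "crm_export.csv": ["Alice Example", "alice@example.com", "4111 1111 1111 1111"],
    "press_kit.txt": ["Product launch on 12 May", "Order ref 1234 5678 9012 3456"],
}

# Hypothetical policy names; substitute your organisation's own controls.
POLICY = {"sensitive": "encrypt, restrict access, log reads",
          "non-sensitive": "baseline controls"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> set:
    """Return the kinds of sensitive data detected in one text value."""
    found = set()
    if EMAIL_RE.search(text):
        found.add("email")
    for m in CARD_RE.finditer(text):
        if luhn_valid(re.sub(r"\D", "", m.group())):
            found.add("card_number")
    return found


def classify_stores(stores: dict) -> dict:
    """Map each store to (label, kinds found) so a policy can be chosen per store."""
    result = {}
    for name, values in stores.items():
        kinds = set().union(*(find_sensitive(v) for v in values))
        label = "sensitive" if kinds else "non-sensitive"
        result[name] = (label, sorted(kinds))
    return result


if __name__ == "__main__":
    for name, (label, kinds) in classify_stores(SAMPLE_STORES).items():
        print(f"{name}: {label} {kinds} -> {POLICY[label]}")
```

The Luhn check is what keeps the 16-digit order reference in the second store from being flagged as a card number, which matters when the classification drives how much data gets locked down.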
Protect
Implement security measures, such as encryption, role-based access, and SSO, wherever needed. Too many organisations only aim to tick the compliance box by putting in the minimum effort required. However, not implementing a tailored, best-effort security policy can leave your sensitive data vulnerable.
Control
Control how your data is accessed and used, for example by employing rigorous key management policies and securing keys. Many organisations think that using encryption is enough but fail to store and manage keys securely. This is akin to locking your door but leaving the keys outside in plain sight.
You can take several key management approaches, and many cloud security platforms, like Thales, offer them baked-in. The approaches differ in the balance they strike between data portability and customer control, for example:
- Public cloud with native encryption – Full cloud provider control
- Public cloud keys externally managed (BYOK) – Partial customer control
- Keys stored and managed outside the cloud (HYOK) – Stronger customer control
- Centralised key management and encryption (BYOE) – Full customer control
How Thales Helps Organisations Secure Sensitive Data in the Cloud
Thales has developed a unified platform, CipherTrust Manager, that allows organisations to secure sensitive cloud data while exercising full digital sovereignty.
It provides tools that help organisations across every stage of the data lifecycle, including Discover, Protect, Control and Monitor.
Its discovery and certification tools simplify data security, while its FIPS 140-2 Validated security mechanisms, including data-at-rest encryption, provide unparalleled peace of mind. Extensive developer APIs give organisations complete control over how, when, and where they access and use their data with tailored key management policies. Lastly, they offer tools for actively monitoring and ensuring relevant compliance.
Get in touch to find out how Thales can help keep your data secure in the cloud.