As our digital universe continues to undergo explosive growth, it’s imperative that we find new ways to secure data in the cloud. Technology research firm IDC says the digital universe is a measure of all the digital data created, replicated and consumed in a single year. Digital data is also stored, increasingly, in a place called “the cloud.” From now until 2020, the digital universe will nearly double every two years.
What’s in this vast universe of bits and bytes? Photos of our friends and family. Videos we post on YouTube and movies we download from Netflix. Banking data swiped at an ATM. Health data collected by medical devices and used by doctors and treatment centers. Tax statements submitted to the federal and state governments. The list is endless. Virtually every aspect of our lives today has some component of digital data.
Securing this data is a concern. The proportion of sensitive data in the digital universe that requires protection is growing faster than the universe itself. What’s more, by 2020 nearly 40% of the information in the digital universe will be touched by cloud computing providers.
As we collectively put more and more business as well as personal data in the cloud, we expect cloud providers to fully secure the data. However, that’s rarely the case today. Hardly a day goes by without headlines about another significant data breach.
Cloud providers must adopt a defense-in-depth strategy for data security. This means using layers of security technologies and business practices to make sure that data is protected in multiple ways. A good cloud security plan starts with data encryption but certainly doesn’t end there. In fact, there are five keys to cloud data security.
The first tactic that IT security professionals deploy is data encryption, which uses mathematical algorithms to hide the real values of the data. If the data is stolen, it is meaningless without the key needed to unlock it. Encryption is a tried-and-true technology that can be used on structured data (e.g., numbers) as well as unstructured data (e.g., text). Today’s encryption schemes can preserve the format of the data and maintain critical user functionality like searching and sorting within applications.
The next layer of defense is contextual access control. Security policies dictate who can access data from what device and where (geographic location). For example, a doctor can access patient records using his iPad while in the hospital but not during off-hours at home.
Data loss prevention (DLP) technology ensures that specific data is not sent to the cloud in clear text. DLP can protect very sensitive data like Social Security numbers, credit card numbers and patient records by ensuring that it is generally not stored in the cloud and that, when it must be, it is encrypted first.
Application auditing creates a detailed audit trail of user actions within enterprise applications—a list of who did what, and when. This helps administrators detect unusual activities that might indicate a data breach, and it is a fundamental pillar of all data compliance, privacy, and governance regulations.
And finally, cloud providers must enforce all of the security policies mentioned above (e.g., encryption, access control) as data moves from one application to another; for example, as financial data moves from credit scoring applications to a mortgage origination application.
Data security in the cloud is critical and can’t be left to chance. Cyber criminals are good at attacking weak defenses. Only a thoughtful, multi-layered, defense-in-depth approach to security will protect our growing digital universe.