Protecting Data in the Cloud: Challenges, Technologies, and Requirements

The primary challenges facing enterprises as they store and process data in the cloud relate to security and compliance. In the Asia-Pacific region, data breaches have tended to be more prolific, with a higher average of enterprises affected globally in comparison to other regions (68% as opposed to 31%). Further, leaks due to cloud misconfigurations were also higher in the region (8%) than for the global average (3%). Combined, these lead to a greater risk of data being compromised.

This is compounded by that fact that penalties for non-compliance can be hefty as well: up to US$1 million in Japan, US$2.2 million in Australia, and US$7.5 million in China; 4% of global turnover in India, 10% in Singapore; as well as criminal penalties that can result in prison sentencing in Taiwan, Japan, the Philippines, and Vietnam.

The risk posed by misconfigurations of cloud-based servers and databases, the lack of transparency around cloud vulnerabilities, and varying data security policies from the different providers makes it challenging for enterprises to effectively address data threats and compliance effectively in cloud environments. To do so requires additional efforts and different approaches to sustainability, adding to the already complex management of data security that enterprises must deploy.

Data threats and compliance are issues that enterprises will have to face, regardless of their line of business, whether that is on-premises or in the cloud. A host of available tools are on the market, both proprietary and open source, that can address these issues. Foremost, encryption technologies are the primary tool of choice for data protection during transfer and at rest; they provide a persistent security envelope for data, regardless of location, ensuring confidentiality and integrity.

There are varying encryption possibilities open to enterprises on this front: file, application, and database. There are also encryption derivatives, such as tokenization and data masking, that may also serve to protect data. However, encryption on its own is not enough; it requires several supporting components, including access controls, key and secrets management, Hardware Security Modules (HSMs), and integration/interoperability enablers, such as Application Programming Interfaces (APIs). And these functionalities need to be able to address a range of data use cases that can take place in the cloud—from simple storage to DevOps, analytics, and computing.

Beyond security, data protection also calls for active data management, which means using discovery and classification tools, leveraging threat intelligence, and using business rules and security polices to keep track of data within cloud environments, whether the data are at rest, in motion, or in use. These are important for providing auditable records and can greatly simplify eventual compliance requirements.

The availability of these tools is one thing; their usage is another. Enterprises are faced with other challenges in their deployment, and the more tools and features, the more complexity this brings to everyday management. But data protection doesn’t have to be a complex or costly endeavor. It can be effectively addressed with tools that provide scale and flexibility, offer comprehensive approaches, and work to simplify and streamline usage.

A platform solution that can handle hybrid and multi-cloud deployments is the first imperative, providing one unified method of dealing with data, regardless of where they are placed. Orchestration is the key concept here and allows for comprehensive governance and management across the board on many different fronts.

Beyond that, automation is another important attribute, one that can significantly simplify day-to-day management as the data are used and/or moved. Critically, automation should not only apply to security policies and access control governing the data, but also be leveraged to update the platform with changes from external sources of information (i.e., threat intelligence, regulatory updates).

Finally, an important aspect is the viability of a data protection solution. Flexibility means not only that it can scale and grow along with enterprise usage, but also with changing digital environments. For example, flexibility may include being quantum resistant, the ability to deploy on confidential compute platforms, or be successfully used in cloud-based DevOps processes. Future-proofing is a difficult concept to implement, but enterprises need to be cognizant that long-term viability for data protection is very much predicated on security platforms and cloud providers’ ability to prepare for future challenges in a timely manner.