Data protection in the cloud

Issue 1 2023 IT infrastructure

Rick Vanover.

The ‘Global DataSphere’ is exploding in size. IDC predicts that by 2026, the amount of data in the world will have doubled again. While most enterprises have digitised their operations, they continue to add more strategic workloads and create more and more data. So, as the amount of data enterprises have to deal with grows exponentially, moving to the cloud based on an elaborated strategy offers significant benefits like scalability, flexibility and cost-effective storage.

But can this go on forever? Gartner expects total worldwide end-user spending on public cloud services will reach a record $592 billion this year, a 21% increase from 2022. The Cloud Security Alliance (CSA) reported that 96% of companies say they have insufficient security for sensitive cloud data, so across the board we have a long way to go on this journey. Here are three best practices for enterprises to protect their data in the cloud.

1. Know your data

The first step to solving any problem is to know what you are dealing with. Before you can protect anything, you need to know who is storing what, and where. Is everyone in the business using the same accounts? To make sure this is done right, IT teams often need to play detective or go on a journey of discovery across the business. To find these threads, it is often necessary to look through finances and collect invoices for cloud costs across the organisation.

When brought together, the amount of data kept by most enterprises, whether it was migrated over from on-premises or originally stored in the cloud, is vast. Humans are natural hoarders, and the digital world is no exception. While the ‘virtual garage’ of the cloud can store endless boxes of data, locating everything is only half the battle. In order to know what data is mission-critical and sensitive, you will need to classify it.

Automated data classification engines can help you sort and organise, so you are not blindly trying to protect everything to the nth degree. Once you know exactly what you have stored on the cloud (and where) only then can you start looking at how this data is secured.

As organisations face a fairly low barrier of entry to move data to the cloud, teams may not have prioritised the security and network processes that are required; if the migration happened too fast this can easily be the case. Similarly, because the cloud is a completely different environment to secure, things are often missed. There are many new service types that do not always exist on-premises and many of these need to be protected and recovered in the case of attacks or outages. Examples of these include code in cloud storage, applications that leverage other cloud services, and APIs provided in the cloud.

2. Know your responsibilities

A key issue is enterprises often not realising exactly what they are responsible for, regarding security and data protection in the cloud. There is a big gap in awareness of the shared responsibility model on which cloud security is built. This means they assume the provider is responsible for certain security measures, when in reality it is their job. While it does depend on the cloud provider, typically the provider is responsible for the security of the infrastructure and the physical facilities that host it. Securing applications, data and access to the environment, however, is the responsibility of the customer.

In practice, this means enterprises need to ensure they have backups of all critical and sensitive data stored in the cloud, in case of breaches or outages. The best practice is to have multiple backups in different locations (e.g. one on-premises as well as a cloud copy) and have copies of data across different mediums, with at least one copy kept offsite, offline and immutable – even better yet, all three.

The other core security responsibility that lies with the enterprise is controlling access and privileges. If every user of your cloud has access to ‘God Mode’, any breach is going to be devastating. Likewise, if you are using a single account to do multiple functions like protection and provisioning.

The best practice is to ensure multiple accounts are used across the business, using access and identity management correctly across accounts and subscriptions, so you can easily remove the failure domain, in the case of a security breach. At a user level, ensure the principle of least privilege is followed across the cloud environment, so that people only have access to the resources and environments they need.

3. Keep it cost-effective

In all likelihood, putting the previous two principles into place will be a significant project for most enterprises. The good news is the initial heavy lift to do so will not be required again on the same scale. However, to keep the cloud environment healthy and cost-effective long term, it is important to have cloud data hygiene processes in place.

Ensure you have a proper data lifecycle process. Without it, the good work done initially will become ineffective and expensive over time, with the business paying to store and protect the wrong data in the wrong ways. Data needs to be on the right storage platform in the cloud – and this will change during its lifecycle. For example, it might move from block resource to object storage to archive storage. The costs associated with these are variable, so make sure you are not storing (or backing up) data in inefficient ways.

This is one small part of avoiding eventual ‘bill shock’ for cloud computing and storage costs. Beyond simple data, costs are API costs, data egress (transfer) and more. I always recommend enterprises have an established ‘cloud economic model’ that they follow to prevent costs from piling up and to ensure spending matches expectations. To use a real-life analogy, if you leave a light on or forget to cancel a subscription you no longer use, your monthly bills will be higher than expected. If this happens across an enterprise cloud environment, the total tally can be eye-watering.

As enterprises' (and the world’s) amount of stored data continues to grow over the next five years, the cloud is going to be a vital piece of the puzzle in managing this. Enterprises need to look beyond just storing and protecting their data, and look at ways to utilise it and unlock value for their business and their customers. Doing this requires re-factoring for greater agility, but this will also mean the business is prepared for the ‘whatever’. Cloud computing is nothing if not dynamic, and will continue to evolve, with best practise bound to change. If enterprises become data-centric now, on both the cloud and on-premises, they will be ready for whatever the future throws their way.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

A smart start for South African cities
Integrated Solutions IT infrastructure
Cameras and sensors can kick off smart city strategies in cities around South Africa, leading to not only improved security and safety, but also better service delivery in areas like electricity and water provisioning.

The smart foundation of the digital business
IT infrastructure
Autonomous networks take an advanced step beyond merely automating components: they use artificial intelligence (AI), machine learning to self-configure, self-manage, and self-heal, ideally becoming better all the time.

Converged infrastructure: Beyond the hype
IT infrastructure Products
Technical teams no longer have to sit and try to work through a magnum opus of manuals for every layer of computing, networking, and storage, largely thanks to the growing popularity and increasing success of converged infrastructure.

Blurring the lines between data management and cybersecurity
Cyber Security IT infrastructure
In the past, data management and cybersecurity would fall under separate domains, but with more organisations making the shift to the cloud, data management and data protection have merged, essentially blurring the lines between the two.

Top skills young people need to get ahead in the tech industry in 2023
IT infrastructure
The rise of remote working, e-commerce, artificial intelligence and cloud computing means that software developers are, and will continue to be, at the coalface of the fourth industrial revolution.

Storage trends for 2023
IT infrastructure
As a leader in the enterprise storage market, Infinidat sees five storage trends unfolding in 2023. Looking ahead, 2023 is shaping up to be an exciting year in the storage market.

Remote cloud management support for access points
TRENDnet IT infrastructure Products
TRENDnet Hive is an advanced network cloud management solution, designed to save users time and cost by simplifying and centralizing the management and monitoring of a network(s) and networked devices.

How to avoid a wipeout
Arcserve Southern Africa IT infrastructure Security Services & Risk Management
Wiper malware aims to delete your data permanently and cause as much destruction as possible. Byron Horn-Botha, Business Unit Head at Arcserve Southern Africa offers readers three steps to protect the organisation from these malicious applications.

Hardening physical security against cyberattacks
Genetec Editor's Choice Cyber Security IT infrastructure
As the world becomes increasingly interconnected through the move to cloud computing and Internet of Things (IoT) devices, cybercrime has risen steadily, along with tools to combat it. Geopolitical tensions have the potential to rapidly unleash devastating cyberattacks worldwide.

Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.