2016 witnessed some of the largest data breaches ever, but 2017 could be even worse as companies move to the cloud without proper security preparedness
LinkedIn, Tumblr, MySpace and a host of other social entities were not spared this year. Corporations too suffered their share of ignominy. There are no certainties in attack targets: no institution, government, organization or entity is immune against a data breach. Every year, the number of breach incidents surpass the record from the previous year. There have been nearly 2,300 confirmed cases of data breaches in 2016. This number will continue to increase as more companies are adopting cloud solutions for communication, transaction, storage, and service without due attention to encryption standards.
While companies are moving to the cloud for the benefit and future growth of their business, they are ignoring the fact that virtual environments are not always fully secure. Remember that in the eventuality of a breach, corporations—not cloud providers—would be held accountable. It is time for corporations to be concerned about their security policies. For instance, a large number of them allow their employees to use Enterprise File Sync and Share (EFSS) services such as Drop Box or Box for increased collaboration. As Drop Box is in the public cloud, and control over security is with the provider, not the customer, this exposes the organization endpoints to vulnerabilities. Another crisis alert: Companies are unaware of the threats when they outsource equipment and resources like servers, storage and networking to vendors such as Amazon Web Services or Windows Azure. In other words, organizations lack the ability to oversee day-to-day operations of cloud management.
The world-famous data breach at Target is still fresh in everyone’s memory. Writing two years later in Between the Lines, Natalie Gagliordi, observed, “To this day, Target has not disclosed precisely how the breach occurred or what exactly it has done to prevent another attack on its system.” According to a 2015 Spice works survey; more than 60% of businesses utilize cloud for performing IT-related operations, which makes it difficult to secure business-critical applications. There have been over 100,000 reported incidents of data breach in 2016 (only a miniscule portion of it has been categorized as “confirmed cases”).
When it comes to security, the common approach to encrypting data for storage in cloud infrastructure environments is to encrypt network traffic. Companies effectively give up ownership of that particular service to the provider—but this is not ideal. Data encryption, when executed properly, protects the sensitive information stored within any given organization. Although there are many myths attributed to data encryption (too expensive, too difficult to manage, too cumbersome to deploy), the surprising truth is that at its core, data encryption provides a foundational piece to any data security protection strategy. As previously mentioned, the increasing enterprise adoption of cloud technology, particularly EFSS services, has created a need for security solutions to be able to encrypt files at the endpoint before they are synchronized to the cloud. This can be done with encryption solutions that enable the end-user organization to maintain control over the encryption key management of files stored in the cloud. According to the Spice works survey, approximately one-third of organizations encrypt, or plan to encrypt, data at the disk/device levels.
Now this brings us to look at encryption at a closer level. There are two ways of ensuring that protection across multiple cloud environments and devices lies within the full and exclusive control of your organization. These security options include:
- Encrypting and managing data that is stored in virtual machines and Infrastructure as a Service (IaaS) platforms.
- Encrypting files at the endpoint before they are synchronized to enterprise file sync and share (EFSS) services across a range of enterprise platforms.
It is important that organizations have in place a common platform that offers security across all cloud platforms, enforces encryption through security policies, and synchronizes encrypted content transparently. Solutions such as SecureDoc CloudSync enforce transparent file encryption on cloud folders through policies to ensure that data is protected. SecureDoc CloudSync offers an additional layer of security: it ensures that files are always encrypted at the end point before they are even moved into a cloud service, thus removing the risks of any data breaches in the cloud. Moreover, smart security tools empower you to have complete control. They protect your data in public, private and hybrid cloud environments. They also ensure that your volume and full disk encryption keys are in exclusive control of your organization. Solutions like SecureDoc CloudVM enable a unified encryption strategy across any end point, virtualized or cloud IaaS environment. SecureDoc CloudVM increases enterprise security, ensures encryption compliance, reduces complexity and removes silos of encryption within your organization.
One cannot argue against the fact that cloud technologies are changing the way the entire world executes and conducts business. Organizations willing to invest in the cloud must also be educated on the importance of investing in security solutions that protect their business, particularly data, once moved to the cloud. Organizations must understand the environment to which they will soon be operating in, and the risks associated with it. Most importantly, to enhance security in cloud infrastructure solutions, organizations must find solutions that are facilitate the end-users understanding cloud data breach risks, their role in protecting this data through proper encryption compliance.
Authored by Rahul Kumar, Country Manager, WinMagic