Conquering challenges around cloud-based data protection
With data protection in particular, as businesses have employees working from home, on-premise storage options are diminishing in popularity, for the simple reason that they no longer work. Employees are not in the office, and there is no longer any connectivity between their endpoints and the storage in the office. Most employees are increasingly working with SaaS applications and not connecting over a VPN to the office network. In fact, most office VPN systems were never designed to have the entire workforce connect at the same time, so VPNs are not an effective solution when most of your workforce is working from home anyway.
As a result, we’ve seen increased adoption of online cloud storage and backup. The cloud-based approach has always had its benefits in terms of cost (OpEx vs CapEx), flexibility (the freedom to terminate the subscription), elasticity (increase or decrease capacity based on need) and ease of management (no ping, power, pipe or patch management requirements). But adoption has increased dramatically during the pandemic. In a recent study, respondents said that their organization’s top two goals were to “Set up remote access for employees” (57%) and “Moving more applications to the cloud” (51%).
On the other hand, the biggest fear around the move to the cloud has been cloud data security, with 71% of respondents listing that as the biggest concern for organizations about making a shift to the cloud.
Here are a few considerations to keep in mind from a security standpoint to ease that transition to online cloud storage:
- Security of data in transit – With teams working remotely, data being shared or backed up is traveling on the public internet. It is important that this doesn’t become a loophole that threat actors leverage. You should ensure that all communication uses HTTPS with current certificates over port 443. All transmission should use TLS 1.2 with strong ciphers.
- Security of data at rest – Ensure that your data is encrypted while at rest in the cloud destination and that Segregation of Duties (SoD) is enforced. This is an industry best practice which requires that the keeper of your data (the cloud storage target) is not also the keeper of the decryption keys. It is a risk management and security measure that ensures no two parties can perform the same part of a critical process or function. Make sure that, even if your data is in the cloud, you hold the decryption keys and have the ability to change them at any time.
- Zero Trust – Traditional, perimeter-based security models fall apart in the cloud/SaaS world. “Assume breach” is the new mantra. Strong identity management coupled with multi-factor authentication and using “least privilege” is the way to go. Think Azure Active Directory coupled with MFA mechanisms such as Okta.
- Device security – A common fear that organizations have with employees working from home is that enterprise data may leak onto home devices. What if a user restores their enterprise data backup to a home device? Device-based authentication is a great way to defend against this. Azure Active Directory provides device-based authentication options which are easy to configure.
- Audit logs and reporting – Sound audit logging and a reliable reporting mechanism are critical not only to help you manage data protection operations, but also to demonstrate compliance. Audit sign-ins, flag risky sign-ins and get overall insight into who accessed your data and when through granular traceability.
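The device-security and audit-log points above can be combined into a single review pass over sign-in and restore events. The following is an added example, not part of the original article or any product's code; the log schema, device inventory and failure threshold are hypothetical.

```python
import json
from datetime import datetime

# Constructed sample audit events, one JSON object per line. The field names
# are a hypothetical schema for this example, not any vendor's log format.
SAMPLE_LOG = """
{"ts": "2021-03-01T09:02:11Z", "user": "alice", "action": "sign_in", "ok": true, "mfa": true, "device": "LT-0141"}
{"ts": "2021-03-01T09:05:40Z", "user": "alice", "action": "backup", "ok": true, "device": "LT-0141"}
{"ts": "2021-03-01T22:14:03Z", "user": "bob", "action": "sign_in", "ok": false, "mfa": false, "device": "HOME-PC"}
{"ts": "2021-03-01T22:14:09Z", "user": "bob", "action": "sign_in", "ok": false, "mfa": false, "device": "HOME-PC"}
{"ts": "2021-03-01T22:14:15Z", "user": "bob", "action": "sign_in", "ok": false, "mfa": false, "device": "HOME-PC"}
{"ts": "2021-03-01T22:14:31Z", "user": "bob", "action": "sign_in", "ok": true, "mfa": false, "device": "HOME-PC"}
{"ts": "2021-03-01T22:16:52Z", "user": "bob", "action": "restore", "ok": true, "device": "HOME-PC"}
"""
MANAGED_DEVICES = {"LT-0141", "LT-0207"}  # assumed inventory of enrolled devices
FAILURE_THRESHOLD = 3                      # assumed policy value

def parse_events(text):
    """Parse JSON lines and return the events in chronological order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ"))

def review(events, managed=MANAGED_DEVICES):
    """Return (timestamp, user, reason) for every event that needs a look."""
    findings, failures = [], {}
    for e in events:
        user = e["user"]
        if e["action"] == "sign_in":
            if not e["ok"]:
                failures[user] = failures.get(user, 0) + 1  # extend the failure streak
                continue
            # A success ends the streak; a long streak before it is worth flagging.
            if failures.pop(user, 0) >= FAILURE_THRESHOLD:
                findings.append((e["ts"], user, "success_after_repeated_failures"))
            if not e.get("mfa"):
                findings.append((e["ts"], user, "sign_in_without_mfa"))
        # Any successful action from a device outside the inventory is reported;
        # restores get their own reason because they move data onto the device.
        if e["ok"] and e.get("device") not in managed:
            reason = ("restore_to_unmanaged_device" if e["action"] == "restore"
                      else "access_from_unmanaged_device")
            findings.append((e["ts"], user, reason))
    return findings

if __name__ == "__main__":
    for finding in review(parse_events(SAMPLE_LOG)):
        print(*finding)
```

Each finding carries the timestamp and user, so the same output serves as the "who and when" trail for reporting.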
While the challenges to cloud data security could seem intimidating during adoption, a well-designed backup solution built with security and privacy in mind can help you navigate the move a lot more easily.