Cloud usage was on the rise even before recent events made the rapid shift to remote work imperative for many organizations. More than 85% of organizations were using at least some public cloud services, and nearly 40% described themselves as “cloud-first” in their strategic approach to computing resource selection. Today’s numbers are likely even higher, with all major cloud providers’ most recent earnings reports revealing significant growth.
Naturally, as companies invest in cloud infrastructure and services, they’re moving growing amounts of their critical data to the cloud. Nearly one quarter of organizations keep more than 40% of their data in public cloud stores, while more than 75% store sensitive data in multiple public cloud providers’ infrastructure-as-a-service (IaaS) platforms or software-as-a-service (SaaS) applications.
As more data moves to the cloud (and employees are expected to work from anywhere, at any time, on any device), security teams are challenged to protect increasingly complex, distributed hybrid environments. Traditional perimeter-based and network-centric models for delivering security are no longer adequate for today’s demands. Instead, we need cloud-powered security that takes a human-centric approach.
There’s no doubt that securing multi-cloud environments requires new ways of thinking. Here are our top three tips on how to confront the challenge.
#1: Focus on the data in your cloud apps, rather than its typical means of access.
In the early stages of SaaS adoption, security teams tend to assume that these cloud-hosted apps will still be accessed via the organization’s on-premises networking infrastructure. Security monitoring is focused on elements like routers, firewalls, or network traffic, with the goal of capturing anomalous file movements or activities within the corporate network’s perimeter.
Chief among the problems with this approach is that it prevents organizations from realizing the full value of SaaS business solutions. Employees can maximize their productivity when they’re able to access these cloud-hosted tools no matter where they are—using personal devices (BYOD), including mobile ones, while traveling or working from home, as well as via in-office hardware.
Data protection for cloud apps requires securing the data regardless of how and where it is accessed. It’s essential that security solutions cover the app itself so security teams can have meaningful visibility into potentially risky usage of both sanctioned and unsanctioned cloud applications, even when it occurs on unmanaged devices. A data loss prevention (DLP) solution that includes coverage for cloud apps will allow your team to apply the same policies to data stored in enterprise cloud applications that you’d enforce on-premises and in-network. It can also extend the same data discovery functionalities to your cloud-hosted software solutions.
#2: Apply unified policies across your entire environment—including all cloud providers’ infrastructures and on-prem.
Far too many organizations still maintain separate security teams for data stored on premises and data stored in the cloud. Unfortunately, this is one area in which organizational silos are a recipe for disaster. If you set different policies for on-premises data and data in the cloud, teams will need to expend a great deal of effort in order to reconcile them, and the process will have to be repeated over and over again with every change in the environment—and such changes usually take place at least daily.
Look for a DLP solution that can apply unified policies for all data in your environment—whether at rest, in motion, or in use within cloud apps or those running in your on-premises data center. This simplifies the process of conforming to compliance mandates and reduces your risk of suffering a damaging breach.
#3: Seek to implement dynamic risk-based policies, rather than static ones.
Multi-cloud computing environments are inherently complex and diverse. Data leakage could potentially occur within them in a near-infinite variety of scenarios. Block all of these with static policies, however, and you’ll be introducing roadblocks into many employees’ workflows. People will begin searching for alternative ways of getting things accomplished, even if this means using unsanctioned applications or bypassing security controls.
Instead, you can define individualized, adaptive policies for different levels of risk, with the risk level determined on the basis of behavior and adjusted according to how users act and interact with data. This dynamic data protection approach makes it possible for security to be frictionless. Without it, security teams will face an impossible dilemma: hear endless complaints from users or fail to block activities that may introduce real risk into the organization’s environment.