How to protect data in the cloud?
According to the Colliers report, as of October 2022, the hybrid work model had been implemented in 89 percent of companies, with the majority of employees working remotely 2-3 days a week. One of these organizations was a healthcare company. It has more than 800 terminal devices in its inventory. The main challenge the company faced before moving to hybrid mode was securing its resources in the cloud, known as Security in the Cloud.
How to protect data in the cloud? What are the challenges involved?
- Giving the right permissions to employees.
- Securing cloud resources against data loss, copying and exfiltration (“pulling” data outside the organization).
- Securing resources from unauthorized access.
The cornerstone of securing cloud data is authenticating access to it. According to analysis results reported by RSA, as many as 81% of breaches use stolen or weak passwords.
Multi-Factor Authentication (MFA) verifies that the person logging into cloud resources is who they say they are. In addition to a login and password, MFA requires the user to prove their identity in a second way, such as possessing a physical device on which they receive a verification code. The module that performs this task is SecurID SSO within SecurID.
An important aspect of securing data in the cloud is full transparency in controlling user access to individual resources. Identity and Access Management (IAM) systems are used for this purpose. They collect the most important information about users’ digital identities and automate the processes of granting, verifying and revoking digital identities, which reduces the likelihood of leaking confidential information. The IAM tool used to manage access to data in the cloud is RSA SecurID Identity Governance & Lifecycle.
Cloud Access Security Broker (CASB) class solutions are also used to protect documents stored in the cloud from falling into the wrong hands. They provide the administrator with a package of information about the files being uploaded and downloaded, where they go, and the user who performs operations on them. CASB allows secret data to be sent only to specific destinations, ensuring full encryption. When information leaves the internal network in a way that does not comply with the security policies, the connection is severed and the administrator can immediately respond to the situation. An example of a CASB tool is CloudSOC CASB.
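The destination rule described above, sketched as an added example; it is not code from CloudSOC or any other CASB product. The classification labels, host names, users and events are constructed, and the `evaluate` and `review` helpers are hypothetical. It shows why an egress check should parse the destination host and default to blocking instead of matching strings in the URL.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed policy: approved destinations per data classification label.
POLICY = {
    "secret": {"files.clinic.example"},
    "internal": {"files.clinic.example", "partner.example"},
}

@dataclass(frozen=True)
class Transfer:
    user: str       # who performed the operation
    filename: str   # which file left the network
    label: str      # classification assigned to the file
    url: str        # where the file is going

def evaluate(t: Transfer) -> tuple[str, str]:
    """Return (verdict, reason); anything not explicitly approved is blocked."""
    try:
        parts = urlsplit(t.url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "block", "unparseable destination"
    if parts.scheme.lower() != "https":
        return "block", "channel is not encrypted"
    approved = POLICY.get(t.label)
    if approved is None:
        return "block", "unknown classification"
    # Match the exact host or a true subdomain, never a bare string suffix.
    if not any(host == d or host.endswith("." + d) for d in approved):
        return "block", f"{host} is not approved for {t.label} data"
    return "allow", "approved destination"

def review(transfers):
    """Collect blocked transfers so an administrator can respond."""
    return [(t, reason) for t in transfers
            for verdict, reason in [evaluate(t)] if verdict == "block"]

# Constructed sample events.
EVENTS = [
    Transfer("anna", "results.pdf", "secret", "https://files.clinic.example/upload"),
    Transfer("piotr", "roster.xlsx", "secret", "http://files.clinic.example/upload"),
    Transfer("piotr", "roster.xlsx", "secret", "https://files.clinic.example@drop.example/"),
    Transfer("ewa", "notes.docx", "internal", "https://files.clinic.example.drop.example/"),
]

if __name__ == "__main__":
    for t, reason in review(EVENTS):
        print(f"BLOCK {t.user} {t.filename} -> {t.url}: {reason}")
```

Only the first sample event is allowed; the other three are blocked for a cleartext channel, a host hidden behind a userinfo prefix, and a lookalike parent domain.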