@CloudExpo Authors: Elizabeth White, Yeshim Deniz, Pat Romanski, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

Storms Brewing in the Cloud By @E_deSouza | @CloudExpo [#Cloud]

What data breaches mean for cloud computing

Recent events have taught us that everyone is vulnerable to data breaches. Now that the majority of businesses are running services in the cloud, whether sanctioned, rogue or Shadow IT, there is much work to be done in beefing up cloud security. And, with each major data breach that takes place in the cloud, trust in the cloud is further eroded.

Cloud Is an Attractive Target for Data Breaches
The increasing pervasiveness of the cloud makes it an attractive target for hackers and cybercriminals. Cloud is not only for business and leisure applications; it's also the back end for electricity grids, water treatment plants, healthcare applications, smart cars, smart refrigerators and so much more. With each device or source that connects to the cloud it creates additional pathways or access points for unauthorized users to infiltrate. The increasing volume of data that is either stored or transacted in the cloud is a strong lure for hacktivists and cybercriminals.

Securing Against Data Breaches Starts with a Strong Governance Model
Governance is a trending term that is used very loosely to describe a number of functions. But in the context of data breaches in the public cloud, an excellent starting point is establishing a dynamic model for for data through its lifecycle - that is from its creation to its eventual destruction that includes classification, entitlements and access rights and a chain of custody.

Why a Data Classification Model Is Needed
Applying uniform levels of data security is not sustainable and it doesn't make sense. Data needs to be protected according to its sensitivity, value and context. There isn't a one-size-fits-all classification model that applies to all data. It will vary from one business to another and is also based on contextual elements such as where the data is being transacted and stored, who is accessing it and how it is being accessed. However, it needs to be intuitive enough that depending on where the lines of responsibility lie, your cloud service provider can easily follow your scheme.

Entitlements and Access Rights
Cloud by its distributed nature coupled with increased pathways from user to the cloud means that access controls need to be considered. A user might access services across multiple clouds so access control policies need to support a mechanism that transfers those user credentials across those services and resources. Data owners also need to able to declare access and entitlement rights, and service providers need to make it easy to do by using data tagging elements that are easily accessible to data owners.

Chain of Custody
Although the cloud consuming organization still owns the data, the cloud provider becomes the custodian. In order for data owners to have the assurances that they would otherwise have in an enterprise setting, they need to have granular controls over their data. For example, data owners should have the right to limit which users can modify, transmit and copy data. This is where cloud security brokers who offer these types of controls can help streamline this process. Data owners also need to be able to determine what data gets encrypted and retain control over the keys.

The above aspects are sometimes overlooked when organizations move to public cloud computing. Yet, they can play a pivotal part in helping beef up security and mitigating the effects of today's data breaches.

More Stories By Evelyn de Souza

Recognized as one of the top ten women in cloud (CloudNOW), Evelyn De Souza, chair of the Cloud Security Alliance Data Governance Working Group and a leader at Cisco, is a pioneer in the cloud security space and deals with these issues on a daily basis. According to Evelyn, the network becomes pivotal in redefining cloud security and providing new levels of trust, visibility and resilience.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations.
"When you think about the data center today, there's constant evolution, The evolution of the data center and the needs of the consumer of technology change, and they change constantly," stated Matt Kalmenson, VP of Sales, Service and Cloud Providers at Veeam Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Today, we have more data to manage than ever. We also have better algorithms that help us access our data faster. Cloud is the driving force behind many of the data warehouse advancements we have enjoyed in recent years. But what are the best practices for storing data in the cloud for machine learning and data science applications?
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.