3 best practices to protect sensitive data in the cloud

Follow these three essential best practices to protect customer or proprietary data in cloud apps and infrastructure.

cloud security lock
Thinkstock

A recent survey by BetterCloud finds that, on average, enterprises are using 80 separate third-party cloud applications to collaborate, communicate, develop, manage contracts and HR functions, authorize signatures and otherwise support business functions that process and store sensitive data. These types of apps are referred to as SaaS (software as a service).

Organizations are also spinning up applications and entire businesses on public platforms (PaaS, or platform as a service) and infrastructures (IaaS, or infrastructure as a service). In 2020, 76% of enterprises ran their applications on Amazon Web Servers (AWS) and 63% ran apps on Microsoft Azure.

These public cloud services are all necessary and productive, and even hold promise of a more secure environment than traditional data centers, says Michael Johnson, advisor to and former CISO of Capital One. However, they also bring unique risks to sensitive data being processed and stored in these clouds, and most of those risks are caused by customer error in the setup and management of those services.

Johnson guided Capital One through a public incident in 2019 that exposed 80 million personal records. In it, the attacker took advantage of a poorly configured third-party cloud environment. Johnson and his team contained the breach and helped get the data thief arrested quickly before any data was exploited thanks to a strong response plan, transparency with the board and executive team, and pre-existing relationships with law enforcement.

Having a response plan that addresses the risks of placing sensitive data in the cloud should be part of any cloud security policy. To start on data protection policies for public cloud usage, it’s important to know how data from public third-party cloud services can be exposed or stolen.

To continue reading this article register now

21 best free security tools to make your job easier