This post was originally published here by Anurag Kahol .
After the Capital One hack, our phones are abuzz with customers seeking security. The answer is simple, encrypt your data!
The Capital One breach is the first major breach that exploited an application flaw to expropriate a large amount of sensitive data. Prior cloud breaches were the result of poor security posture and configuration management by administrators, e.g. data repositories were accidentally configured to be “public” rather than “private.”
Security posture and configuration management can be hardened via Cloud Security Posture Management (CSPM) technologies that regularly scan the cloud platform – AWS, Azure or GCP – to check for exposed data or compliance violations. But CSPM cannot protect against hacks that exploit software vulnerabilities to steal data. The only protection against the latter is to encrypt the data at an independent CASB, with keys resident on a HSM controlled solely by the customer. Native encryption such as that offered by some IaaS vendors, or in some cases SaaS vendors, offers no defense. Access to the platform enables decryption of the data in one click.
Photo:CIO East Africa
