By Dan Benjamin, Co-Founder and CEO, Dig Security
Approximately 60% of corporate data now lives in the cloud, a number that has doubled over the last seven years. While the concept of cloud computing dates back decades, it is only in the past few years that organizations have begun to understand its full potential.
Cloud computing has enabled a new generation of products and services, facilitated a lightweight form of outsourced solutions, and improved the efficiency and cost of technology tools, among many other benefits. It has also brought additional security challenges.
In the days of exclusively on-prem computing, businesses could build a strong perimeter defense and know their data was contained. With data continually flowing between on-prem solutions, public clouds, and private clouds, organizations must rethink security – from how they use, house, and share data to the security vendors they work with.
Critical Need for New Solutions
The rapidly changing cloud landscape requires agile data security solutions built with this structure in mind. Traditional solutions and vendors were simply not built to handle the complexity of the cloud – they are either agent-based or network-based. Moreover, cloud-native solutions cover only specific data types and particular clouds, significantly limiting their scope.
According to research, 89% of companies have multi-cloud environments. This underscores the importance of security leaders adopting multi-cloud solutions, as a single-cloud solution creates additional silos.
IT and security leaders must understand how their environment works in concert and know how data should and, perhaps more importantly, how data should not move between sources. For example, data sovereignty rules mandate that data remains within the geography in which it was collected.
While Cloud Security Posture Management (CSPM) solutions take a multi-cloud security approach, they lack the context of the data itself. Insight into the context of data is imperative. For example, is that data sensitive? Are the right controls set when it comes to sensitive data? Is the user allowed to access sensitive data? Is the action allowed in the case of sensitive data?
Technology like Data Security Posture Management (DSPM) is a great start for assessing static risks and security posture with a data-centered approach, but it lacks real-time monitoring, detection, and response. Combining static risk assessment with real-time detection and response is what security professionals today need to focus on. They require a single pane of glass covering the entire cloud and data store.
DSPM with real-time data detection and response (DDR) offers visibility and classification, which is foundational to understanding the data an organization has and making informed decisions about how it flows across the different clouds. It’s key to leverage technologies that move at the speed of the cloud, enhancing security while reducing the operational burdens that IT and security teams face.
Both DSPM and DDR capabilities are critically important to meet today’s organizations’ needs around multi-cloud data security.
Protecting Data with DDR
DDR works at the data level, allowing organizations to create policies that detect and respond to data misuse and data exfiltration. When a bad actor, an inside threat, or even a well-meaning employee takes an action that puts data at risk of leaving the organization, DDR issues alerts so that a response can be enforced and the data kept within the proper areas across the company's clouds.
A well-built DDR solution leverages an extensive threat model of all data assets and can issue alerts based on a database of hundreds of real-life attacks.
An attack on data can be mapped to the different steps in a data kill chain, meaning the actor moves from reconnaissance to first move, and then to attack. The following are examples of such attacks on data:
- Reconnaissance – an attacker scoping out a target by running large queries on data to find a vulnerability
- First Move – attacker disabling a specific configuration or other action that allows them to exfiltrate, delete, or manipulate data in production
- Attack – database deleted, database shared outside of the organization, data stolen, etc.
- Compliance – customer data flowing without masking from production to development
- Asset at Risk – e.g., sudden increase in attack surface such as severe misconfigurations
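The categories above can be expressed as detection rules over data-store audit events. The following sketch is an added example, not code from the article or from any vendor's product; the event fields, store names, protective settings and the 10x baseline threshold are all constructed assumptions. It classifies each event into one of the five categories and escalates an actor whose alerts follow the kill chain in order.

```python
ORG = "example-corp"  # added illustration: every name, field and threshold here is constructed
STORES = {  # data context: sensitivity and environment per store
    "prod-customers": {"sensitive": True, "env": "production"},
    "dev-sandbox": {"sensitive": False, "env": "development"},
}
BASELINE_ROWS = {"alice": 500, "etl-job": 20000}  # typical rows per query, per actor
PROTECTIVE = {"audit_logging", "encryption", "deletion_protection"}
KILL_CHAIN = ["Reconnaissance", "First Move", "Attack"]

def classify(ev):
    """Return the category for one event, or None if no rule matches."""
    src = STORES.get(ev.get("store"), {})
    a = ev["action"]
    if a == "query" and src.get("sensitive") and ev["rows"] > 10 * BASELINE_ROWS.get(ev["actor"], 1000):
        return "Reconnaissance"  # unusually large read of sensitive data
    if a == "config_change":
        if ev["setting"] in PROTECTIVE and ev["value"] == "disabled":
            return "First Move"  # a protective control was switched off
        if ev["setting"] == "public_access" and ev["value"] == "enabled":
            return "Asset at Risk"  # attack surface suddenly widened
    if a == "delete" and src.get("env") == "production":
        return "Attack"
    if a == "share" and ev["recipient_org"] != ORG:
        return "Attack"  # data shared outside the organization
    if a == "copy" and src.get("sensitive") and not ev["masked"]:
        if STORES.get(ev["dest"], {}).get("env") == "development":
            return "Compliance"  # unmasked production data flowing to development
    return None

def analyze(events):
    """Classify events in order; escalate actors who walk the kill chain in sequence."""
    alerts, progress = [], {}
    for ev in events:
        cat = classify(ev)
        if cat:
            alerts.append((ev["actor"], cat))
            step = progress.get(ev["actor"], 0)
            if step < len(KILL_CHAIN) and cat == KILL_CHAIN[step]:
                progress[ev["actor"]] = step + 1
    escalated = sorted(a for a, s in progress.items() if s == len(KILL_CHAIN))
    return alerts, escalated

EVENTS = [  # constructed sample events, in time order
    {"actor": "alice", "action": "query", "store": "prod-customers", "rows": 450},
    {"actor": "alice", "action": "query", "store": "prod-customers", "rows": 90000},
    {"actor": "etl-job", "action": "copy", "store": "prod-customers", "dest": "dev-sandbox", "masked": False},
    {"actor": "alice", "action": "config_change", "store": "prod-customers", "setting": "audit_logging", "value": "disabled"},
    {"actor": "alice", "action": "share", "store": "prod-customers", "recipient_org": "unknown-org"},
]
```

Calling `analyze(EVENTS)` returns four alerts and escalates `alice`, whose events progress from Reconnaissance through First Move to Attack; the unmasked copy by `etl-job` is reported as a Compliance alert without escalation.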
Evolving Solutions for New Challenges
Modern problems call for modern solutions. Technology infrastructures continue to evolve, and security solutions must grow with them. Too many organizations try to patch together disparate solutions that protect each component individually, which is costly, inefficient, and, most importantly, ineffective.
Businesses must approach data security with a data-focused approach. They need to protect data no matter where it goes or lives. Data remains an organization’s most important asset and must be protected as such.
As an organization grows, business and IT leaders must consider how security should evolve alongside it. The cloud improves how people work, connect, and operate companies – businesses need security solutions that go beyond previous iterations and meet today’s needs.