Knowledge Byte: Major Data Protection Considerations in the Cloud
Cloud Credential Council (CCC)
One of the most challenging aspects of moving to cloud deployment is transferring data from your local (on-premises) environment into the cloud.
While there are many criteria to consider when deciding how to implement and leverage file transfer activities within your organization, there are really a few simple areas to focus on:
● Choose a secure protocol such as:
○ SSH File Transfer Protocol (Secure File Transfer Protocol or SFTP)
○ Transport Layer Security (TLS)
○ Secure Sockets Layer (SSL)
● Implement data protection
● Utilize effective encryption technology
● Maximize access controls
● Leverage auditing and reporting functionality
● Adhere to corporate and industry compliance policies
Loss of Control on Data
The biggest risk in expanding existing storage into a public or multi-tenant cloud is a loss of control or perceived loss of control. A minimal outline that an organization should follow for security regulated data in the cloud is given below.
- Policy: Classify all data according to its sensitivity, for example, regulated, commercial, or collaborative data, to ensure secure and compliant handling.
- Process: Digitally tag or watermark all data according to the defined categories, regulated, commercial, or collaborative prior to transmission, storing, and using within cloud service.
- Policy: Protect all data according to its classification level to prevent misuse or abuse of the data.
- Define data usage contexts and flows based on known business processes and between systems.
- Regulated and commercial: Encrypt all data at transfer, if required, by regulation encrypt or create defined security groups.
- Policy: Define the data, residing within cloud contracts (for example, click-through or enterprise agreements) based on geographic boundaries in accordance with the subscribers’ international and local data privacy laws.
- Process: Define corporate binding rules to restrict data transfer and exchange between systems, sites, and partners per country and regional regulation restrictions.
Data Protection Issues in the Cloud
Some of the prominent issues that are common in relation to data transfer in the cloud are:
Issue 1: The majority of organizations do not have a mature data classification policy, process, or user education schemes for internal use of data.
Issue 2: Most organizations do not have a clean single source of truth for what is their authorized source for data (structured or unstructured).
Issue 3: Moving to the cloud without a data classification policy will only amplify the shortcomings of any data classification policy, process, or procedure.
Courses to help you get
results with Cloud
The industry-recognized CCC Professional Cloud Security Manager provides you a case study with related exercises and activities such as multiple-choice questions (MCQs), multiple MCQs, puzzles, and write-ups. This case study will focus on security and risk considerations that should be considered while implementing cloud computing in small and mediums organizations. We made sure to include…
Never miss an interesting article
Get our latest news, tutorials, guides, tips & deals delivered to your inbox.