The challenge of protecting data in the cloud [Q&A]
Modern enterprises hold huge volumes of data, and increasingly it is stored in the cloud. This makes protecting that information a significant challenge; it can even be easy to lose track of where the data is.
We spoke to Dan Benjamin, co-founder and CEO of Dig Security, to discuss the risks around cloud data storage and how to address them.
BN: What business trends are driving cloud adoption, and how do these trends impact the volume of data stored in the cloud?
DB: Cloud adoption has been accelerating for years, and the COVID-19 pandemic increased our collective reliance on technology to conduct everyday business. The average enterprise today uses nearly 2000 different cloud data services. Alongside the increased use of cloud services is an increase in cloud storage: Statista estimates that 60 percent of enterprise data is stored in the cloud.
Cloud computing offers unmatched velocity, performance, scalability, and flexibility. Organizations of all sizes and across all industries are shifting infrastructure, applications, workloads, and data to the cloud. From the old single monolithic database, development teams are now using microservices, which only increases the data fragmentation and sprawl. As business leaders future-proof their organizations, their cloud adoption strategies will impact their ability to adopt emerging technologies like virtual and augmented reality, the internet of things (IoT), quantum computing, artificial intelligence, and to keep pace with the evolving industry.
BN: What is unique about cloud data that puts it at risk?
DB: Today's organizations are dealing with an explosion of data on their cloud environments.
The modern enterprise is struggling with the following questions:
- What data do we own across our clouds?
- How is that data being used?
- How can we protect the data from data exfiltration, ransomware or compliance breaches?
These are difficult questions to answer, as a typical enterprise today holds data across at least two public clouds, 25 data store types and thousands of data store instances.
Enterprises use solutions to protect their endpoints and VMs (EDR) and their networks (NDR); however, they lack a solution to protect their data – real-time data detection and response. The modern enterprise needs a comprehensive cloud data security solution combining Data Security Posture Management (DSPM) and Data Detection & Response (DDR) capabilities with cloud data loss prevention (DLP) to deliver real-time data protection across any cloud and any data store.
BN: Why is protecting data in the cloud different from protecting data on-premises? Where does multi-cloud fit in?
DB: Cloud footprints are exploding alongside the sheer volume of data stored in the cloud. As data travels between these assets, discovering sensitive data and mapping data flows is difficult. It's easy to lose track of data. VMs, orphan backups and other shadow data assets require automated discovery and classification capabilities to ensure sensitive data is not left unaccounted for. The lack of visibility into an organization’s cloud footprint and associated data assets poses a significant challenge. Legacy data protection solutions are ineffective in modern cloud environments. Traditional cloud data loss prevention (DLP) solutions rely on the perimeter, whether endpoint or network, to protect data traveling – but data in the cloud travels beyond the perimeter. Also, traditional data protection tools were not designed to address the scale of data that is hosted in the public cloud, mostly due to cloud working habits such as microservices that increase the data fragmentation.
Organizations today require dexterous data security solutions that can address the constant movement of data across different deployments (IaaS and PaaS) on public clouds. Traditional solutions and vendors lack the speed and adaptability for these environments. Native solutions offered by public cloud vendors (AWS Macie, Azure Purview, Google Cloud DLP) do not support multi-cloud environments and are limited in coverage and functionality.
Cloud Security Posture Management (CSPM) solutions focus on protecting the posture of the cloud infrastructure but don't take the context of the data and how it flows across different cloud services into consideration. This may be helpful for configuration issues, but it does nothing to prevent an attacker from swooping in to steal customer data, cover their tracks, and disappear in minutes.
BN: What are some of the top risks for cloud data?
DB: 2022 exposed many weaknesses regarding how businesses store sensitive data in the cloud. The Uber and LastPass breaches demonstrated how vulnerable cloud data stores are, even for enterprises that invest in data protection and cybersecurity. Data lives in different forms and is constantly collected. Data is complex and dynamic, consistently changing across the public cloud.
Shadow data poses a significant risk from both security and compliance perspectives. Shadow data is not actively managed or governed by IT teams. Security controls and policies are often not applied to this data, which makes it more difficult to track, manage, and monitor. It also leaves the data susceptible to unauthorized access and exfiltration. Shadow data examples include snapshots, backups, unmanaged data stores, and copies used for development and testing purposes. This is concerning, considering how often misconfigured S3 buckets have fallen victim to hacks.
Ransomware is another significant risk. Falling victim to a ransomware attack can mean the unfortunate reality of serious financial impact -- ransoms, fines, and even bankruptcy. Cybersecurity tools like DSPM provide better visibility into where the data that needs tighter security is, and real-time data detection and response (DDR) capabilities will also help stop ransomware attacks early in the kill chain, before damage is done.
Data misuse and data exfiltration, along with compliance breaches, are other top risks for cloud data.
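As an added illustration of the shadow-data discovery the two answers above call for (this is example code, not Dig Security's product or anything from the interview), the following Python pass cross-references a constructed asset inventory to flag orphan snapshots and backups, dev/test copies of production data, stale copies, and stores with no sensitivity classification. The inventory, tag names and thresholds are all assumptions made up for the example.

```python
# Added example, not from the interview: a small shadow-data discovery pass over
# a constructed cloud-asset inventory. Flags orphan snapshots/backups (source
# store gone), dev/test copies of production data, stale copies, and unclassified
# stores. Tag names and thresholds are assumptions, not any vendor's schema.
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Asset:
    asset_id: str
    kind: str                           # "store", "snapshot", or "backup"
    source_id: Optional[str] = None     # for copies: the store they were taken from
    tags: dict = field(default_factory=dict)
    last_accessed: Optional[date] = None

# Constructed inventory for the example, not real assets
INVENTORY = [
    Asset("db-prod-1", "store", tags={"env": "prod", "classification": "pii"}),
    Asset("db-prod-1-copy", "store", source_id="db-prod-1", tags={"env": "dev"}),
    Asset("snap-0042", "snapshot", source_id="db-old-7"),
    Asset("bkp-2021-03", "backup", source_id="db-prod-1", last_accessed=date(2021, 3, 1)),
    Asset("bucket-analytics", "store", tags={"env": "prod"}),
]

def inherited_classification(asset, by_id):
    """A copy inherits its source's sensitivity label when it carries none itself."""
    label = asset.tags.get("classification")
    if label or not asset.source_id or asset.source_id not in by_id:
        return label
    return by_id[asset.source_id].tags.get("classification")

def find_shadow_data(inventory, today, stale_days=365):
    """Return (asset_id, effective classification, reasons) for every suspect asset."""
    by_id = {a.asset_id: a for a in inventory}
    findings = []
    for a in inventory:
        reasons = []
        if a.kind in ("snapshot", "backup") and a.source_id not in by_id:
            reasons.append("orphan: source store no longer exists")
        if a.kind == "store" and a.source_id and a.tags.get("env") in ("dev", "test"):
            reasons.append("dev/test copy of production data")
        if a.last_accessed and (today - a.last_accessed).days > stale_days:
            reasons.append("not accessed for over %d days" % stale_days)
        if inherited_classification(a, by_id) is None:
            reasons.append("no sensitivity classification")
        if reasons:
            findings.append((a.asset_id, inherited_classification(a, by_id), reasons))
    return findings

def run_demo():
    return find_shadow_data(INVENTORY, date(2023, 1, 15))
```

Only `db-prod-1` passes cleanly; the dev copy inherits the `pii` label of its source, which is exactly the case where security controls are applied to the original but not to the copy.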
BN: As an industry, what can we learn from recent cloud data breaches such as the LastPass security breach?
DB: The LastPass breaches underscore the need to prioritize cloud data security and implement stronger security measures to protect customer data. The latest LastPass breach originated in the cloud, meaning no endpoint or on-prem device could have detected the incident. This shows how the legacy approach to data security is ineffective in modern IT environments.
Additionally, at the time of the attack, LastPass did not have real-time monitoring capability in place that could have detected and prevented the attack from completing in the first place. In fact, it took days to discover that the event took place, and even then they could not tell whether customer data was breached. Visibility is necessary for quick and effective breach response and to prevent further damage. Organizations must have visibility into what data was included, whether it was sensitive, where it was located, who accessed it, and whether or not it was impacted.
These breaches demonstrate that the constantly changing nature of the cloud and the proliferation of cloud threats require data security tooling and processes that are equally dynamic.
BN: What can organizations do to better protect cloud data?
DB: Public cloud data security solutions have never quite fit the speed of innovation in the cloud and the complex threat models it introduced. Organizations today must build a cloud security stack, including capabilities for DSPM, DLP, and DDR.
CSPM solutions have been the main technology used to protect cloud assets, but CSPM solutions focus only on protecting infrastructure, not data. This results in ongoing exposure and breaches of sensitive data. Gartner introduced the idea of DSPM to address this. DSPM tools create a consistent security posture for data as it flows between on-prem systems and cloud deployments. DSPM provides data discovery and classification capabilities and identifies static data risks based on the context and sensitivity of the data.
But DSPM lacks real-time monitoring, detection, and response. Alongside DSPM, DDR is key to a successful cloud security stack. DDR focuses on real-time monitoring, detection, and response, and helps protect data from threats as they happen. DDR is based on monitoring all data interactions in real time and allowing security teams to respond to attacks and misuse of sensitive data quickly. DDR provides dynamic monitoring on top of the static defense layers provided by CSPM and DSPM.
In addition to building their cloud security stack, business leaders should build an enterprise data security team. With emerging data governance rules and a more challenging threat landscape, companies must hire specialized data security professionals to remain secure and compliant.