Protecting sensitive data in the cloud [Q&A]

The use of sensitive data for business is crucial. The growing amount of sensitive data stored in cloud infrastructure and applications creates an increasing and constantly evolving data risk landscape for organizations.

The main cause of risk is how broadly this data is shared within and outside the organization, and how it is being used by users, services, or other applications. We spoke to Liat Hayun at Eureka Security about how this risk can be addressed while still allowing safe use and storage of data.

BN: Why does storing sensitive data in the cloud present a particular risk?

LH: Organizations have always treasured data as a crucial and sensitive asset. But securing it used to be simpler when everything resided within their own walls, like a locked fortress. The cloud revolution shattered this model, creating a boundless, ever-shifting digital landscape where data freely roams across multiple services and locations. This dynamic realm presents exciting opportunities but also demands a whole new approach to data security.

Data storage in the cloud is valuable for businesses, as it provides them with the flexibility and innovation they need. Data can be used for user and use case analytics, for supporting new product capabilities and even for training ML and LLM models and creating new functionalities for businesses. In complex multi-cloud setups and as the volume and value of cloud data rise, so do security risks and compliance requirements, making keeping data secure a significant challenge.

Security teams today lack visibility into the existence and content of data stores; they struggle to understand the different controls provided by different cloud providers, and they have no notifications for changes or policy violations. As attacks leveraging data grow in scope, scale and sophistication, companies struggle to find efficient ways to leverage cloud data to help drive productivity and business goals, while safeguarding highly sensitive data such as financial information, IP, and trade secrets without obstructing productivity.

Companies trying to secure sensitive data in the cloud often struggle to maintain continuous, up-to-date control over their data stores. In the tradeoff between prioritizing business or security, they often end up in the middle ground, relying on manual security processes and multiple teams to produce organizational data maps, and not providing appropriate security or appropriate business productivity.

BN: Why are the security tools built into cloud platforms insufficient?

LH: Public cloud providers, SaaS applications and other cloud data storage technologies do offer individual security consoles with basic functionality but lack seamless multi-cloud operation and modeling capabilities. These consoles are disparate, requiring the use of different tools from each cloud provider. Moreover, they prioritize their own vaults and data stores instead of utilizing best-in-class databases and key stores.

Eureka provides broad visibility into data and its source, going beyond standard data classification with an in-depth evaluation of access controls and pathways to offer a focused view of data access. It is paramount to gain a true understanding of what your data needs are rather than provide generic security controls that won't be able to provide long-term or complete protection, or that cannot be used across all cloud providers. Using real-time log ingestion allows a deep understanding of data usage and movement across cloud environments. Our unique policy engine identifies compliance risks, organizational breaches, and malicious activities with precision, including actionable insights on overexposure, unnecessary access, anomalous behavior and data ownership. These are all critical components of a sound and scalable data security posture which other security tools lack.

BN: How has the shift to hybrid working changed the way enterprises use data?

LH: The shift to remote work has had a significant impact on the way data is used by enterprises and their employees and has introduced a wide range of opportunities and challenges. There are issues to be considered pertaining to employee privacy and the use of personal devices for company data storage, an increased attack surface across distributed networks and teams, new data sources and a growing amount of data to be secured. Distributed teams have the freedom to adopt external services, potentially introducing security risks due to a lack of oversight. As the amount of data grows and business goals expand, data security must be able to scale accordingly and be approached as a strategic business concern.

BN: What is data security posture management (DSPM)?

LH: Data Security Posture Management is a high-level, all-encompassing name for next-generation security tools that secure data in the cloud. DSPM is a holistic approach to securing all data residing in cloud data stores, regardless of its location and how it got there, and without requiring deep expertise in understanding how each data store operates. Beyond risk assessment, Eureka's DSPM platform provides continuous monitoring that models normal behavior, detects changes and triggers alerts for suspicious or malicious activity. DSPM offers security leaders better protection with clear visibility, control, accountability, and automation. Plus, it works across different cloud providers and the data stores within them, as well as other technologies used for storing data such as SaaS applications or file shares.

BN: Can this be applied across all data, not just the cloud?

LH: Eureka's approach can be applied across any technology. Eureka Security provides robust cloud data protection including IaaS, PaaS and SaaS, and is on a mission to protect sensitive data, no matter where it resides or how rapidly it changes.

BN: How does using a DSPM platform impact the organization?

LH: Eureka's DSPM platform seamlessly integrates into a customer's existing clouds using APIs without requiring agents, by routing all traffic or access through a proxy. Moreover, Eureka is non-intrusive and 'read-only', ensuring the full integrity of a customer's environment. To examine data, Eureka leverages sophisticated adaptive sampling mechanisms, allowing for accurate classification without abusing a customer's cloud resources.

Eureka offers various deployment options, including a full SaaS solution or a component within organizational environments, giving security teams control over data access. Sensitive data stays within the company’s environment and is not transferred for analysis outside its origin geography. This allows Eureka to provide significant security benefits with no observable performance decline, no noticeable additional cloud costs, and no additional risk. With Eureka, organizations can leverage their data for business goals and productivity without compromising security.

© 1998-2024 BetaNews, Inc. All Rights Reserved.