If your organisation handles sensitive customer data, committing to the cloud is anything but a simple decision. As is now well documented, moving sensitive data into the hands of third party cloud providers greatly expands and complicates the risk landscape.
Being a cloud adopter requires you to understand exactly what information protection measures you must take to remain in regulatory compliance. Here is a checklist on how to protect your organisation's data and business interests.
Consider your regulatory challenges
Different organisations must abide by different regulations and, the more regulated your industry, the more due diligence is required for data privacy, systems security, business continuity and liability/risk management.
As pointed out in Microsoft's TechNet Magazine, "[a]ssessing the different laws and regulations your enterprise needs to abide by may well define what you can deploy in a cloud or which type of service you can use."
Deploy a cloud encryption strategy
Plan your encryption strategy according to the privacy regulations that apply to your organisation. Explore how the relevant regulations require you to secure data and how strongly.
To most effectively meet your cloud encryption needs, while still retaining the functionality that you expect from cloud services, you'll need an information protection platform that offers various security controls and options to apply these at a granular level.
If you're not yet prepared to jump on-board the encryption train, at the very least tokenise data in the cloud as a data masking alternative.
Add data loss prevention (DLP) enforcement
Once you have encrypted your sensitive data from potential hackers, you still need to protect it from both inadvertent and malicious leakage by insiders with access to the data in the clear. DLP is a must for regulatory compliance.
DLP scans content before it ventures beyond your enterprise's perimeter, enforcing your corporate confidentiality policies to ensure that individuals do not undo all the data protection you've put into place.
Regularly discover and monitor data
Complement your cloud security controls by unifying visibility for all your cloud data. Tools such as data discovery and anomaly detection will impart deeper intelligence into the types of data that employees are moving into the cloud and flag potential mis-use.
The insight these tools shed will help you match the different types of data with the security controls required to protect them in the cloud.
Refresh the checklist
Now that your enterprise's cloud information protection strategy is in force, keep it up to date. Regulations change over time, particularly when it comes to the cloud where disruptive technologies create new concerns to which the laws then adapt.
It's vital you stay on top of regulatory changes because pleading ignorance of compliance changes isn't an acceptable defence for violations.
- Paige Leidig has 20 years of experience in technology, marketing, and selling enterprise application solutions and managing trusted customer relationships. As SVP of Marketing, he is responsible for all aspects of marketing at CipherCloud.