The National Institute of Standards and Technology (NIST) defines cyber security as “the process of protecting information by preventing, detecting, and responding to attacks.” Cyber incidents can have financial, operational, legal, and reputation impact. Costs may include forensic investigations, public relations campaigns, legal fees, consumer credit monitoring, and technology changes. The biggest concern when it comes to cyber security is data. Over the past several years, organizations have migrated to the cloud at an increasing clip as CIOs realize the cost savings associated with no longer needing to host and manage hundreds of servers and costly storage systems. In a recent study conducted by the Ponemon Institute and Netskope, IT and security professionals estimate that 30 percent of their business data is in the cloud already. Simultaneously, the advent of employees using personal mobile devices for work has shattered the notion that organizations can keep business data inside the corporate wall. Sensitive data detection and protection in the cloud are now critical.
Outsourcing server and storage management, as well as business-critical applications, to the cloud brings more than just cost savings, though. Just like any good outsourcing deal, every corporation needs a mechanism for oversight of the outsourcer as well as some level of information protection, as defined by NIST. This can be accomplished in two steps:
This surgical visibility and control of cloud apps is necessary to understand your organization’s exposure to sensitive data in the cloud. Protecting your data from breach or exposure can only happen if you have visibility in to where the data is and what your employees are doing with it. If you are able to block uploads of sensitive business data to personal cloud storage instances, while simultaneously coaching your users toward a corporate managed cloud storage service, you have enabled all three of NIST’s components of cyber security: prevent, detect and respond. Only by doing this will you ensure your information protection posture is sound when migrating to the cloud.