The adoption of hybrid cloud environments driving business operations has become an ever-increasing trend for organizations. The hybrid cloud combines the best of both worlds, offering the flexibility of public cloud services and the security of private on-premises infrastructure. We also see an explosion of SaaS platforms and applications, such as Salesforce or Slack, where users input data, send and download files and access data stored with cloud providers.
However, with this fusion of cloud resources, the risk of data breaches and security vulnerabilities has also intensified. The 2023 Cost of a Data Breach Report found that 82% of data breaches involved data stored in cloud environments, with 39% spanning multiple types of environments. Cyber criminals know organizations’ most prized data is stored in the cloud, making this third-party infrastructure a perfect target.
Cloud environments are not static. It’s easy for us to spin up new cloud environments, whether that’s AWS, Azure, Google Cloud Platform or IBM Cloud. When data is stored across so many different environments and traversing across various networks, keeping track of where data resides, who has access to what and if sensitive information is exposed becomes challenging. In the wake of growing cyber threats as well as increasingly stringent regulatory mandates, it has become imperative for organizations to fortify their defenses with a robust security strategy, especially in the era of cloud infrastructure.
Hybrid cloud environments exacerbate key data security challenges for organizations, whereby the following questions may arise:
- Lack of control and visibility
- Where is my data?
- Is it regulated or sensitive data?
- What resides in this data?
- Data flow and entitlement
- How is data being accessed?
- How can it potentially flow?
- Is it properly entitled?
- Data vulnerabilities
- Are my data controls sufficient?
- Is data being exposed due to posture issues?
Three data security best practices
In order to maintain a robust security posture while data is stored across multiple different types of environments, there are three key tips to keep in mind:
- Gain visibility and control over data in hybrid cloud environments, making it a top priority.
- Choose the right approach to monitoring data activity.
- Leverage AI and automation to increase speed and accuracy, enforce controls and detect suspicious behavior in real-time.
Taking action to understand and leverage these three tips will help you safeguard data in a hybrid cloud environment. Let’s delve deeper.
Webinar: Protect your data across hybrid cloud
1. Gain visibility and control over data, no matter where it resides
In a hybrid cloud environment, data is spread across diverse platforms and locations, making ensuring comprehensive visibility and control challenging. Using SaaS applications brings the emergence of shadow data as it expands across the cloud rapidly. To combat this challenge, organizations must have a deep context of the data — what data is important to protect and why is it important to protect throughout the lifecycle?
To do so, they must be able to scan data sources and compile a master inventory of sensitive enterprise data that exists and then incorporate business metadata for context. This will then help fuel data security and privacy products with sensitive data intelligence. This capability should be extended to SaaS applications and data lake services. People are putting data in mass on applications — everyday employees are sending confidential business information and attachments over Slack or sharing passwords. How do we keep track of this data making its way into apps? The same applies to code repositories and storage repositories such as OneDrive or Office 365.
We need to expand beyond just finding data in the cloud-native services for the hyper scalers and examine inside containers residing on those cloud properties and within SaaS applications and data lake services. It is also critical to understand how data moves from region to region within the cloud or if an application has access to data that it shouldn’t – mapping potential and actual data flows will allow security teams to see what policies and configurations are in place and what is occurring.
By prioritizing data discovery and classification and fueling other tools with sensitive data intelligence, organizations can be better equipped to put the right protections in place.
2. Choose the right approach to data activity monitoring
Understanding how data is accessed and utilized is essential for maintaining data integrity and preventing unauthorized access or insider threats. In a hybrid cloud environment, data access is likely to occur from various endpoints, making it critical to deploy multi-layered monitoring mechanisms.
Understanding data movement is key for compliance, and organizations must be able to track data flows to and from cloud and on-premises repositories. This is especially important for organizations handling large amounts of personal data or personally identifiable information (PII). Organizations must comply with GDPR and keep data within geographies for data residency requirements. They must understand where the flows of data are to and from those repositories, look at both potential and real flows of data, and uncover misconfigurations or issues that might present a compliance issue.
Organizations must prioritize gaining real-time visibility into their data assets. Visibility provides actionable insights into data usage patterns, potential threats and compliance adherence. One key recommendation is to implement advanced data protection solutions that offer central management capabilities across multiple cloud platforms. This unified approach allows organizations to consistently monitor data movements, access patterns and anomalous activities and implement robust authentication protocols. Data encryption, data masking and tokenization techniques are also crucial in safeguarding sensitive data, ensuring that even if a breach occurs, the data remains unreadable and unusable to unauthorized individuals.
Organizations should implement strict access controls and role-based permissions to ensure that only authorized personnel can access sensitive on-premises or cloud data. There needs to be vulnerability management at the server — data created, going into the application — living in the data source. We should have an inventory of everyone who has access to data and what is the potential for data movement and incorrect access. Regular audits of user permissions can help identify any unauthorized access attempts promptly.
With USD 750,000 higher breach costs when breached data was stored across multiple environments versus on-premises only, continuous monitoring of data access and activity is paramount. This involves analyzing user behavior, detecting abnormal patterns and correlating activities across cloud and on-premises resources. Seek data security solutions that work across platforms to protect data as it moves between databases, applications and services. You need to monitor at a lower transactional level and look at access to data stores, databases and the actual transactions and SQL statements. This is super valuable and we need to extend this visibility across hybrid cloud environments. This can significantly enhance threat detection capabilities by identifying suspicious user behaviors that may indicate a potential breach.
By prioritizing visibility and control, businesses can proactively detect potential security gaps, mitigate risks and respond swiftly to potential threats.
3. Leveraging AI and automation technologies
Manual security efforts may fall short in the battle against sophisticated cyber threats. Organizations should integrate artificial intelligence (AI) and automation technologies into their security strategy to bolster data detection and response. The 2023 Cost of a Data Breach Report found that it takes 291 days in breach response time when data was stored across multiple environments, 14 days longer than the overall average for containing a breach.
To close this gap, AI-powered security tools can quickly process vast amounts of data, identify anomalies and recognize previously unseen patterns that human operators might overlook. The average time to identify and contain a breach is reduced in correlation with the increased use of AI and automation technologies. Such capabilities enable proactive threat hunting and swift incident response.
Furthermore, automation streamlines incident response by enabling immediate actions when a threat is detected. Automated responses can include quarantining compromised endpoints, blocking malicious IPs or initiating incident response workflows. Rapid response times reduce the “dwell time” of attackers within the network, mitigating potential damages and limiting the scope of a data breach.
A modern data security and compliance approach to protect data across the hybrid cloud
IBM Security Guardium offers a multi-layer data security strategy, no matter where it resides. With IBM Security Guardium, you can:
- Apply policies from a single location and monitor and understand how users access data.
- Access advanced analytics, surface threats and anomalies and context-based risk scoring to help automate investigation and remediation.
- Leverage containerized orchestration to support elastic scalability and reduce maintenance costs, with flexible deployment options.
- Utilize compliance tagging, pre-built policies, easy-to-use workflows and long-term data retention to help speed compliance and data security.
Take action to secure your organization’s data
Organizations are evolving how they store, access and utilize the data that is the foundation of business operations. The hybrid cloud offers unparalleled flexibility and scalability, but it comes with the responsibility of securing sensitive data from cyberattacks, ransomware, malware, human error or accidental loss. A robust cybersecurity strategy that emphasizes gaining visibility and control over data, monitoring data access and activity and leveraging AI and automation technologies is essential to defend against security risks evolving from a hybrid cloud environment. By implementing these recommendations and staying vigilant against emerging threats, organizations can safeguard their valuable data and uphold their commitment to data security and posture management in an increasingly interconnected world.
To learn more about these three recommendations in depth, join our webinar on August 30 at 11 a.m. where EMA analyst, Chris Steffen, and IBM Security expert, Eric Maass, will discuss how to best protect data across the hybrid cloud.
Product Marketing Manager, IBM Security