Solving cloud-based data security challenges
19 Jul, 2022 6 min read
As organisations speed up their cloud migration strategies, security remains a prime concern. Despite the adoption of various security solutions on cloud computing platforms, we continue to see detrimental data losses and cybersecurity breaches being reported. The consequences of such an event range from financial losses and fines, to reputational damages which lead to a loss of market share.
This shows that the existing solutions that companies are adopting to protect their databases are failing. This includes access controls, Intrusion Prevention Systems (IPS), and traditional anti-virus/malware software. Similarly, to protect files held in databases, measures such as full-disk encryption, Data Loss Prevention (DLP), and Transparent Data Encryption (TDE) are not living up to their promises. Even those organisations which rely on strong user authentication measures such as two-factor authentication to up their defence against identity fraud in the era of remote work are finding themselves vulnerable.
This shows that the existing solutions that companies are adopting to protect their databases are failing. This includes access controls, Intrusion Prevention Systems (IPS), and traditional anti-virus/malware software. Similarly, to protect files held in databases, measures such as full-disk encryption, Data Loss Prevention (DLP), and Transparent Data Encryption (TDE) are not living up to their promises. Even those organisations which rely on strong user authentication measures such as two-factor authentication to up their defence against identity fraud in the era of remote work are finding themselves vulnerable.
Standard enterprise cloud security solutions aren’t leak-proof
Unfortunately, cloud security solutions are not providing comprehensive security for cloud-based data, especially since cloud systems are up and running all the time. They are also unable to defend against insider attacks – and remember, insiders no longer just include your own employees, but the employees of the cloud service provider together with supply chain partners as well.
Case in point: ex-Amazon employee Paige Thompson hacked Amazon Web Services client Capital One in 2019, breaching over 100 million customer accounts over an extended period of 4 months. This goes to show that without knowing exactly who has privileged or direct access to your data and storage servers, there’s no way to know who you should be guarding against to prevent them from misusing or leaking your private information.
Therein lies one of the biggest misconceptions - companies like to believe that cloud-based databases are inherently secure, but they’re not. The inconvenient truth is, that although security features may have become more robust within database applications, the readily available commercial ones come with few security features enabled. If you actually read the fine print, you’ll find that cloud providers do not take responsibility for data protection. Cloud deployment is another data risk. Period.
Big cloud operators clearly draw the line about their security responsibilities. While operators are responsible for the security of the cloud (e.g., hardware, infrastructure, and software), customers are solely responsible for security in the cloud (e.g., your data, platform, applications, Identity and Access Management, and operating systems).
The distinction between these two short words ‘of’ and ‘in’ is very important.
Let’s also not forget those cloud service providers themselves aren’t immune from security breaches. Norwegian cloud computing firm Visma, which has over 900,000 customers across Europe, suffered a network breach in 2019, and even IT security companies like RSA have had their two-factor authentication token compromised. And yet, many businesses, from big enterprises to smaller SMEs, even educational institutes, continue to rely on third-party cloud operators for their data security.
So, the million-dollar question is - what can organisations do to take control of their databases with cloud-based security, and prevent potentially devastating leaks?
Secure your data everywhere with 100% file-level encryption (FLE)
Sure, there is a lot of file-level encryption software on the market, but the problem is many of them don’t protect data in all three usage states: in-transit, in-use, and at-rest.
In-use is the big one that’s lacking because when your data is protected in-use it means users can access and use live data from databases on the cloud. Without it, when your teams are working on the cloud (who isn’t?) your data is at risk.
That’s why our encryption technology makes it possible to take control of your database without relying on cloud operators or disrupting your traditional workflows. With the SecureAge Security Suite, you can secure and protect your data held on both enterprise endpoints and on servers running in the cloud.
SecureData deploys a unique approach to file-level encryption (FLE) using Public Key Infrastructure (PKI) technology. It invisibly employs asymmetric encryption to inextricably link unique keys for each user and each file – without the specific key, file decryption cannot occur and data remains protected.
That means, SecureData can safeguard all of your files and stops data leakages across multiple channels, all without the hassle of having to combine a host of different security solutions.
With SecureData, cloud-based data security is now:
- Proactive: All data files are automatically and seamlessly encrypted when they are created, edited, moved, or copied to any local, external, or network storage device based on a predefined policy. By encrypting data before it leaves your organisation’s systems, information is completely protected using SecureData.
- Pervasive: Files will remain encrypted whether in transit, at rest, or in any storage media, whether it’s a USB flash drive or cloud database. Cloud admins may be able to see your files but they cannot access the data, effectively protecting against insider attacks.
- Persistent: The data is securely encrypted before leaving the client machine, and continuously stays encrypted as it travels over the network to the server. Even if misconfigured services, databases, or infrastructure may lead to stolen files, the data inside them will be useless since it remains encrypted.
Don’t leave your data in the hands of third-party cloud operators
According to LogicMonitor, 87% of global IT decision-makers agree that COVID-19 has caused the accelerated migration of business processes and operations to the cloud. 74% even believe that within the next five years, at least 95% of workloads will run on the cloud. As operations continue to digitalise and the future of data storage and processing becomes increasingly cloud-based, making cloud database security a business priority will soon become a necessity, not an option. Employing a Zero Trust approach to data security, especially cloud-based data security, has therefore become essential.
To find out more about how the SecureAge Security Suite protects your databases, download our whitepaper: Security Suite for Databases. In it, you’ll learn more about how the SecureAge Security has helped companies and government institutions to:
- Reduce misconfiguration risks from cloud-based deployments
- Cover security gaps left by common databases encryption approaches
- Mitigate malware and data leakage risks through application binding
- Minimise operational costs
- Email confidential files for enterprise email
- Secure databases
The short version is, that by encrypting every file, no matter where it is stored, with a unique asymmetric FLE, SecureData effectively makes any stolen data useless outside of your organisation. With SecureData, any unauthorised copying of data from a machine or file server will only expose the encrypted data files, thus mitigating the risk of any sensitive information being leaked.
Get in touch to book a demo of the SecureAge Security Suite, and start enjoying 100% data protection in the cloud so you can prevent internal and external data leaks, and achieve the highest levels of regulatory compliance, win-win.
