Part 2: Boosting Data Security & Compliance in a Multicloud World

Learn how to win the arms race against potential attackers and achieve compliance while leveraging the unique capabilities across cloud platforms.

Matthew Yeh

Oct 29, 2019

Companies today are striving to become digital enterprises by responding more rapidly to the ever-changing needs of consumers. With that demand for greater speed and agility, IT organizations are looking to the cloud as a fundamental part of their digital transformation efforts.

For most organizations, that means adopting a multicloud strategy that helps teams achieve greater elasticity and faster delivery times, ultimately empowering the business to turn great ideas into winning products and services at lightning speed. While there are a number of reasons businesses pursue a multicloud strategy, a key consideration is for security and compliance.

Managing compliance obligations and risks are big challenges in a world where every company is becoming a data company. Only 59 percent of companies report they are meeting all or most of the GDPRs requirements while another 29 percent expect to get there within a year, according to Cisco’s 2019 Data Privacy Benchmark study.

“Privacy is such a vital ingredient to organizational success, both to protect data and foster innovation,” John N. Stewart, senior vice president and chief security and trust officer at Cisco, added in the report.

It’s no surprise that data is the main target of cyber attacks as 2019 shapes up to a landmark year for data breaches. A recent study by cybersecurity firm Risk Based Security found the number of breaches increased by 54 percent in the first six months of 2019 compared to the same time last year.

Keeping up with the Clouds

What many fail to realize is that risk exposure isn't just limited to data associated with operational production applications. It's actually the non-production environments for development, testing, reporting, and analytics that represent most of the surface area of risk. Nearly 47 percent of organizations in the U.S. and Europe already use the cloud for application development and testing, according to a survey by Luth Research and Vanson Bourne. Developers need real data that provides realistic cases for thorough and complete testing. Copying and cloning sensitive information to more and more non-prod environments presents an increased surface area of risk for exposure.

This idea extends to (and is perhaps even magnified or complicated by) multicloud architectures in which non-production data proliferates across multiple clouds because data is distributed across multiple places instead of one, making it that much harder to secure sensitive information.

At the end of the day, the onus of securing sensitive data and ensuring compliance with regulations is on the business. Given the number of businesses that rely on their cloud providers, companies must get a better handle on their data management practices to fully take advantage of adopting a multicloud strategy.

Here are five reasons why.

  1. It’s more challenging to identify all your sensitive data when it’s distributed across locations.

  2. Enterprises must protect sensitive data while enabling the appropriate individuals to access it.

  3. Laws such as GDPR include data sovereignty provisions that may create requirements to move personal data from one cloud or region to another.

  4. Securing data for development and testing purposes must preserve realism and referential integrity of data.

  5. Finally, any tooling or processes implemented must work across heterogeneous cloud environments.

Let’s apply this to a real-world scenario. Say you’re a global financial service company building a new mobile banking app. Your application could be made up of multiple components spread out over AWS and Azure, each with its own data sources, including membership information, loan product data, and account data.

First, teams will need to identify the sensitive information, such as transaction data and social security numbers, that are distributed across multiple non-prod copies in multiple clouds. Then you'd need to secure that data in a way that is preserves the usability of the data. This process will need to be consistent across both Azure and AWS and repeatable and fast, so the release process isn't disrupted.

Moreover, teams will need to manage that data in accordance with various laws, rules, and regulations by country. This may include the need to move non-production data for the app from one location to another, based on data sovereignty requirements specific to multiple regulations.

Powering Your Multicloud Strategy with Fast & Secure Data

While encryption is recognized as a common and familiar method to safeguard sensitive data, it’s not an effective technique when it comes to protecting sensitive information flowing out of downstream environments for development, testing, reporting, and analytics.

Companies need to address this challenge by combining modern security practices, like data masking, with the ability to move data quickly across the organization. Data masking replaces real data with fictitious but realistic data that is valuable to testers, developers, and data scientists, whereas encrypted data may not be usable or valuable to those same teams.

When data is masked, it has “no value” to a hacker and a compromise is typically a non-event because the masked data is not real. Moreover, masking brings non-production environments that hold most of an enterprises’ sensitive data into compliance with privacy laws such as GDPRCCPA, CPRA, and HIPAA.

The Consequences of Poor Data Protection

Global business leaders are waking up to the paradox of having to ensure data flow in a highly regulated world. Failure to comply can mean millions - if not billions - and failure to innovate can mean bankruptcy. You run the risk of losing customer trust and confidence, brand quality and reputation, as well as the speed required to move fast in today’s ever-changing world. Adopting a data platform that works across multiple cloud providers, identifies sensitive data, and automatically masks that information are important aspects of leveraging the unique capabilities of the multicloud, ultimately helping you achieve compliance across heavily regulated industries while mitigating data risk in a way that unlocks innovation.

Download our ebook to learn more about how to build a roadmap for moving, governing, and provisioning data for key multicloud use cases.