Protecting virtual worlds of data in motion

Corporate IT departments are struggling to manage all the data now residing in the cloud.

More and more information is flowing non-stop between physical mobile/Industrial Internet of Things (IIoT) devices to virtual repositories in the cloud and back again.

According to Cisco, 69% of all applications will reside in the cloud in 2017.

A look at the Ponemon Institute 2016 Global Cloud Data Security Study reveals organizations still have plenty to do when it comes to data security.

The study found that nearly half (49%) of cloud services in the enterprise are outside corporate IT’s domain, while around 47% of corporate data stored in cloud environments are not managed by the IT department.

Cloud computing is attractive to enterprises for cost efficiency as well as its flexibility in allowing employees and customers anytime, anywhere access to information and services.

But the security challenges can be significant.

For example, hackers have occasionally been able to exploit poor cloud security practices to harvest customer financial data such as credit card and bank account details. In some instances, they have hijacked personal data stored in social media accounts and used it to impersonate someone in the name of fraud.

Data in the virtual world does not even have to be stolen to be a security risk. Insiders have been known to delete or manipulate cloud data – intentionally or by mistake.

Sometimes cybercriminals manage to plant malware in the system that covertly monitors data processes and procedures. Known as Advanced Persistent Threats (APTs), the malware remains undetected over a prolonged period compromising data in the cloud.

If the malware is ransomware, the loss of data can be permanent.

Risks to data in the virtual world have proved all too real.

Healthcare organizations routinely commit large volumes of data to the cloud. They are also among the favourite targets for cybercriminals.

At the medical insurance company Anthem, up to 80 million customer records were left exposed by a compromised database in 2015. That year, it was reported one in three Americans had their health records breached.

In fact, inadequate cloud security measures are believed to have played a part in some of the biggest data breaches ever recorded, ranging from Sony Pictures and Home Depot in 2014 to, more recently, LinkedIn and Yahoo.

Perhaps understandably, corporate IT departments do their best to protect all data as robustly as possible.

This has led some organizations to add point solution after point solution as they try to mitigate the security risks whenever some new service or application is connected to the system.

The result is sometimes confusing.  IT managers can be left uncertain which measures are meant to secure what data.

When it comes to data protection in the cloud, where there’s doubt there’s vulnerability.

Effective security for cloud data demands a holistic approach and recognizes not all data is vital.

Instead, organizations should divide their data into different categories. For example, if customer credit card information is identified as highly sensitive then it should be subject to multiple layers of protection with the greatest levels of monitoring and control.

The same holds true for all other business-critical data.

Enterprise-grade cloud applications like Salesforce have built their whole business model around the secure transfer of data between the cloud and their corporate customers.

Cloud application services providers are also reliably servicing many thousands of enterprise clients in complete safety and security.

However, judging from the number of cloud data breaches in the news, corporate IT departments have more to do to protect data as it flows dynamically between cloud applications, mobile devices, IIoT and corporate databases.

A variety of cybersecurity measures are needed from robust data policies to ensure IIoT devices have security built-in, from multi-factor authentication to strong encryption.

Interfaces and APIs are a vital part of managing, orchestrating and monitoring cloud services.

It’s when these components are weak that organizations can experience security issues.

One of the most effective ways to protect data in motion is with encrypted tunnels using VPN.

Not only does VPN software integrate easily with existing corporate systems, it also secures data traffic at device-level. This ensures information stays encrypted and private as it passes between cloud applications and the IIoT and mobile devices that access them.

VPNs provide protection for interfaces and APIs as well as secure authentication.

As a further convenience device configuration, software distribution and scalability can be managed remotely through centralized management.

In summary, enterprise IT departments are still getting to grips with the change in mindset that managing and securing data demands now that it routinely moves between multiple devices, corporate databases and the cloud.

Classifying different types of data and treating them differently is a useful start.

So too is protection, authentication and security for all connection points. VPN software creates an encrypted tunnel for sensitive data to flow between the organization and multiple destinations in the cloud and back.

This greatly reduces an organization’s overall risk exposure for data passing through the virtual world of the cloud.