Forcepoint: How to prevent the cloud from becoming a drainpipe for sensitive data

Data security in the cloud is increasingly becoming a critical component of companies' IT infrastructure. They are increasingly using cloud services to run applications and store data, while remote and mobile working means that ever larger parts of their workforce are accessing these cloud services from outside the company network using a wide variety of end devices. This increases the attack surface for cyber criminals and offers them new gateways.

If companies lose intellectual property or personal information in the cloud, they face considerable consequences. These range from severe fines and an irreparable loss of reputation to a loss of revenue that could threaten their very existence. Cybersecurity specialist Forcepoint explains five measures that companies can take to prevent this.

1. Implement zero trust frameworks

The Zero Trust security approach aims to ensure that only trusted users can access applications that contain sensitive data. When accessing cloud services, companies can ensure this with the help of a CASB (Cloud Access Security Broker). This security tool supports multi-factor authentication (MFA) and single sign-on (SSO) and can enforce fine-grained authorizations. This ensures that only authorized users have access to certain data and applications.

2. Set up guidelines for data interactions

In order to protect their sensitive data in the cloud, they should define policies for this and specify which data may be uploaded to a cloud at all, for example to a GenAI platform, or which information employees may download from a cloud to BYOD devices that are not managed by central IT. Existing frameworks and standards can help them with this. Pre-defined policies can often be used to quickly and easily create appropriate guidelines for data interactions in the cloud.

3. Continuous data discovery and data classification

In order for companies to protect their sensitive data in the cloud, they first need to find out what data they actually have and where exactly it is located - and not just once, but on an ongoing basis, because their data is constantly being changed and expanded in the course of day-to-day business. Modern tools offer them many automated features for this. They can scan all of a company's storage locations in the cloud and use artificial intelligence to independently understand and classify the collected data.

4. Continuously monitor data interactions

To ensure compliance, companies need to monitor all data movements to, from and within the cloud. They are then in a position to identify potential threats and quickly initiate countermeasures that can stop a data outflow or data protection breach. Appropriate security systems enable them to monitor all data, storage systems and access in real time and detect, limit or completely block suspicious activities such as unusual changes to data or access that deviates from normal patterns.

5. Secure all end devices

To close all security gaps, companies should use a security solution that enables uniform enforcement of policies from company-owned end devices to employees' BYOD devices. This can, for example, prevent employees from saving sensitive information from a cloud platform on their private end devices or moving data from a trusted cloud to an insecure cloud service.

"It is crucial for companies that their security solutions protect data in the cloud without restricting employee productivity," explains Fabian Glöser, Team Leader Sales Engineering at Forcepoint in Munich. "That's why they should definitely use risk-adaptive systems. Such solutions are able to analyze risky behaviour and respond with measures that are appropriate to the specific context. In this way, they prevent the unwanted outflow of data without imposing the same rules and limitations on every employee."

Source: www.forcepoint.com