An industry survey from Voltage Security found that pre-PRISM, 62% of senior-level IT and security respondents already thought the government looks over corporate data, without their knowledge, while it resides in the cloud.
“Any sensitive information, including financials, customer and employee data or intellectual property needs to be protected across the entire lifecycle of that data”, said Dave Anderson, Voltage senior director, in a statement. “Any loss or exposure of that data can result in compliance or regulatory fines, loss of brand and reputation and, as the recent NSA events further validate, a loss of privacy around how we communicate and the content of those communications.”
An organization’s data protection strategy should include proactive data protection controls, such as the ability to supervise and manage how underlying data levels are secured through encryption, tokenization and data masking, he noted. In addition, companies should have policies in place governing how secured data can be used across the organization while still ensuring compliance.
As more organizations leverage the cloud for data processing and analytics, security and privacy become the core requirement across these initiatives. Yet, requirements for regulatory compliance have made security, privacy and compliance somewhat of a tactical, check-the-box activity for some organizations, but in the wake of Edward Snowden blowing the lid off of PRISM, that’s changing. There is an increasing understanding that the only way to provide the necessary levels of security to guard against data loss – either through surveillance, a malicious attack, or an inadvertent disclosure – is through a data-centric security program, Anderson indicated.
“Supervisory data protection controls can deliver and maintain compliance with sanctioned government regulations, and avoid any unnecessary ad-hoc snooping and surveillance activities”, he said.
A comprehensive data protection program provides an underlying foundation for data privacy as well, ensuring that not just the data level itself is secure, but also that the information can only be accessed and used by authorized users and the specific intended recipients. As a result, privacy and security become much aligned, and users and organizations have the ability to secure any sensitive data, while ensuring communications and use of that data can remain private.
“We believe that this approach, which can protect sensitive data across the entire data lifecycle, can allow companies to leverage the benefits of cloud adoption, and ensure their sensitive data is protected from any prying eyes”, concluded Anderson. “This approach can completely change the negative view of 62% of companies regarding the security of their data in the cloud.”