123ArticleOnline Logo
Welcome to 123ArticleOnline.com!

ALL Technology,-Gadget-and-Science >> View Article

How To Protect Encrypt Data And Avoid Data Loss Prevention On Cloud

By Expert Author: skyhigh networks

Detect and remediate policy inconsistencies

Policy inconsistencies can occur in two ways. In the first type of inconsistency, there is a high-risk service that is allowed, while another, lower risk service is blocked. In this instance, make a policy decision to block both, allow both, or allow only the lower risk service. All three options would eliminate the inconstancy, but you will need to determine which option makes the most sense for your business.
The second type of inconsistency occurs when a service is partially blocked. Sometime there is a legitimate reason for this type of inconsistency (e.g. Marketing needs access to Facebook but other departments do not. More often than not, this type of inconsistency occurs because the infrastructure cannot keep up with the velocity of new cloud services being introduced and used by employees and therefore many service fall in the unclassified category. Using a cloud service management product that has an extensive registry of services and automatically visualizes allowed vs. denied traffic will make identifying both types on inconsistencies simple and will allow you to easily monitor progress resolving the inconsistencies.

Search for anomalies in user behaviour

When working to reduce the risk of cloud services, much attention is paid to the risk profile of the cloud services themselves. However, often times perfectly safe and secure cloud services can be the source of a data leak if an internal employee is acting maliciously. Unfortunately, no proxy, firewall, or SIEM can alert the organization of malicious use of a legitimate service. So, the best practice is to leverage a cloud services management product that has the ability to identify usage anomalies that are indicative of malicious behaviour.

Conduct investigations into anomalous behaviours

While a cloud service anomaly, such as the Twitter example mentioned above, is a very good indicator of malicious behaviour, and investigation must be conducted in order to determine the context and intent of the anomalous behaviour. For example, the user associated with the IP address that had 1M tweets may have simply contracted a malware virus that had seized her Twitter account, or she could have been intentionally leaking confidential data. In most cases, the best practices is to look for a legitimate business use case, compare their activity to benchmarks, and then contact the line of business manager and corporate security to alert them of the issue, monitor their activity, and intervene if needed.

Encrypt data going to key services

It is prudent to add another layer of security to the most critical cloud services in your organization. The first step is to identify services that are enterprise-critical, blessed, and procured, such as Salesforce, Box, Office365, and Google. Access to those services should require that employees to use their corporate identity and then access to your enterprise's account at the service. For example, their traffic would go to acme.salesforce.com, rather than directly to salesforce.com. This means that you can then control who has access the account, and what happens to the data sent to this service.
The best practice is to leverage a reverse proxy to encrypt data sent to these services with your enterprise managed encryption keys. In doing so, you guarantee that even if the provider is compromised, your data will not be. Finally, you will need to ensure that your control is enforced for on-premise to cloud accesses and for mobile to cloud access. This should be done without requiring the traffic from those devices to be back-hauled (through a VPN) into your enterprise edge first to avoid introducing user friction.
Doing this will provide 2 distinct advantages. The first obvious advantage is that even if the service is compromised, your data will not be because you hold the encryption keys. The second advantage is that in this era of limited data privacy, this encryption guards against a blind government subpoena. Microsoft, Google, and Box, for example, often receive subpoenas from the government asking for information for a particular company, with a gag order prohibiting them from alerting that company. By encrypting the data that lives within the cloud, the company can ensure that it is notified of any investigation, as it will need to provide the encryption keys to government investigators.

Implement Data Loss Prevention (DLP) guidelines to avoid compliance risk

Any enterprise that utilizes cloud services should be careful about sending confidential data to the cloud, but if you work in a regulated industry, such as healthcare or financial services you must be extra vigilant. Within a regulated industry, sending confidential client information to the cloud can result in a serious compliance violation that would damage the reputation of the company and result in serious financial penalties. Specifically, healthcare companies must comply with HIPPA regulations, banks and financial institutions must comply with PCI guidelines and almost every company must comply with SOX regulations. Complying with these regulations. Any company using the cloud must have a DLP strategy in order to comply with these regulations.
Proxies and firewalls cannot protect against the incidental transmission of personal information, so your Cloud Data Security management product should be able to provide DLP functionality to help prevent sending confidential client information to the cloud.

Track progress regularly

Managing the risk of cloud services is not a point in time exercise. You will need to continually monitor the use of cloud services since new services hit the market daily and your employees will constantly seek the latest tools to help them do their jobs. In order to drive a successful and quantifiable risk management program you will need to determine which metrics to track and develop a methodology for gathering the data on a regular basis.

Skyhigh Networks, the cloud access security company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com or follow us on Twitter @skyhighnetworks.

Total Views : 28Word Count Appx. : 1034See All articles From Author

Technology, Gadget and Science Articles

1. Best Samsung S6 Edge & S6 Edge Plus Screen Repair At Samsung Repairing
Author: Lucy

2. Lg Phone Repair Uk
Author: Mriabrown

3. Making The Valuable Choice Of Iphone 6 Screen Repair Center
Author: Yacob Ahmed

4. Most Usual Things That Network Cabling Technicians Incline To Overlook
Author: networkpatchpanel

5. Patch Cables A Brief Overview
Author: networkpatchpanel

6. What Are The Advantages Of Appointing A High-quality Seo Company?

7. Keeping Safe Against Home Invasions
Author: Edward Thompson

8. How To Find The Right Seo Company In Kansas City

9. Fantastic Gps Tracking Solutions For All Sorts Of Needs
Author: Tony Zheng

10. 3 Things To Look For In Internet Of Things Solutions
Author: Rajesh Jhamb

11. Purchase Hexagonal Boron Nitride And Know About Its Industrial Applications
Author: Sameer Jadhav

12. Drying Tips For Water Damaged Iphones And Ipads
Author: Apple Repairer

13. Led Road Flares Are Must To Create Immediate Warning System
Author: winfys

14. Some Common Questions & Answers Regarding Led Emergency Flares
Author: winfys

15. Overview Of Entire Software - History, Products And Services
Author: Blake Thomson

Login To Account
Login Email:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: