Blog

The ‘New Normal’ in Cloud Security: Protecting the Data Itself from Compromise – Guest blogger, Janine Darling, CEO of Stash Global

The Challenge with Traditional Cloud Security

Traditional methods of securing data are no longer effective as cloud-based infrastructure is forcing stakeholders to seek out innovation and new offerings in data protection.

Business leaders and data security practitioners – CISOs, CTOs, CIOs, CDOs must take a long look without any blinders on and make a hard assessment on the effectiveness of their current security and data governance processes and procedures. If they do not include datacentric components, those that protect data at the data level, and concurrently control the access of data without user involvement, the outcome is that data is ripe for the taking – completely vulnerable to attack, breach, ransomware, loss, harm, and manipulation.

Consider also that the biggest security risk your organization may face may come via a trusted vendor, or through an employee who fails to spot an email that is rogue. Or intentional attempts by employees to exfiltrate data from the company for personal or nefarious purposes.

Another threat cited in recent industry reports is the escalation of supply chain attacks. SolarWinds was not the first (though it sent shivers down the spines of every public and private entity in the world, mine too), nor is it the last of what are increasingly multiplying methods and means of attack to our most precious resource: the data that creates the uniqueness, identity, and value of our businesses and the security of our nation. The danger here needs no further explanation.

Detecting anomalies and securing the perimeter (something that no longer exists; walls and fences, no matter how thick and tall, are not deterrents – the perimeter is now the data itself) have proven to be ineffective as attack vectors change and adversaries stay steps ahead of us. If we are always catching up, we will never win the battle, never mind the war on data compromise.

The disruption caused by the pandemic isn’t going away anytime soon either. In fact, as health risks ease, consolidating off-site and on-site operations that have changed permanently during 2020 will be another piece of the security puzzle that will need serious attention.

It’s fair to say that granular data control and eradication of data compromise are highly sought-after outcomes.

Listen to Janine Darling speak on getting proactive with data protection on Seclore’s Security Now partner panel.

Due to the very competitive nature of today’s cybersecurity environment, cost of ownership, time to market, and proven effectiveness have become critical criteria in commercial and government environments, and to service providers and their customers, when selecting data protection protocols and the tools that support them. Traditional defensive security options, while showcasing the appearance of positive results, have proven to be less than effective, very expensive, time consuming to deploy, and questionably cooperative with existing tools. They are rarely nimble, and often require additional human and capital requirements that stifle flexibility and adoption. Often, the user experience is onerous, prompting an often-lamented scenario of non-compliance at the weakest security link: the user. While large organizations can afford to choose any data security and governance option, the cost to value ratio of ineffective data protection tools extrapolates with the increasing size of the organization and data volume, quickly creating a chasm of low value, high-cost failure to protect data, and greater probability of data compromise.

Confronting Three Primary Challenges to Securing Sensitive Data

Organizations are having to confront the need to exert granular control over organizationally and client sensitive data. They face three primary challenges:

  • The lack of technical controls associated with data entrusted to an employee or business partner
  • The risk posed by negligent handling or deliberate misuse of data by employees, business partners, or criminals
  • The need to store and access sensitive data for long periods of time

With billions of connected endpoints leading directly or circuitously to your data, eradicating data compromise feels like a herculean task. But with the right combination of thoughtful, innovative technologies (think less is more), data compromise becomes another business problem that can be solved.

The global risks report 2021 is the 16th edition of the world economic forum’s annual analysis and looks back at a year ravaged by a global pandemic, economic downturn, political turmoil and the ever-worsening climate crisis. Amongst the top negatively impactful challenges of the next ten years are data fraud or theft and cyber-attacks.

According to Gartner, Digital Rights Management (DRM) and Datacentric Security (security that protects the data itself) are the core technologies for effectively protecting data in today’s broad-based connectivity landscape.

An All-In-One Solution to Data Protection and Governance

Over the last few years, Seclore Rights Management and STASH Secure Data Governance have been working closely together to create an all-in-one solution to address the data insecurities, attacks, fraud, and theft that continue to plague the world economy in devastating ways.

The combination of Seclore Rights Management and STASH Data Protection, Resilience, and Privacy at the data byte level has created a zero-trust data governance, visibility, and protection solution that is a radically effective departure from security postures comprised of application stacks cobbled together from disparate sources. In and of themselves, these create the requirement of a ‘business within a business’, that of deploying, integrating, and perpetually managing data management and security applications, at the expense of working with data to generate ROI.

STASH protects all formats of unstructured data by encrypting, parsing into pieces, and distributing multiple copies of that data where it is stored, archived, and preserved at multiple locales, on-cloud or off, of an organization’s choosing. The data synchronizes with the end- user system and is stored in virtual folders, protected in-transit, in-use, and at-rest, whether it ends up in the hands of legitimate users and when it gets into the hands of malicious actors.

Seclore Rights Management (RM) delivers trust and policy management technologies that are deployed to allow protected information to be distributed and used by authorized individuals and entities only. The user, the most vulnerable weak point in any security protocol, is removed from the decision-making process regarding data access inside and outside of the organization. Since the security and permissions stay with the data, even if it gets into the hands of an unintended accessor, the data cannot be accessed.

The sensical combination of these two complimentary technologies are quickly becoming the go-to for organizations wary of the status quo and less than satisfactory data protection outcomes.

The integrated Seclore/STASH Secure Data Governance Solution is an innately viable alternative that offers a refreshingly complete, flexible, non-proprietary, set it and forget it answer to secure and resilient data governance requirements anywhere in the world.

More information is available by contacting:
John Dundas
Datacentric Solutions
Stash Global Inc.
john.dundas(Replace this parenthesis with the @ sign)stash.global

Related Posts