Enabling a Connected Workplace – The Challenge
Organizations have left no stone unturned to adopt collaboration services, which saw an increase of up to 600% in usage due to the “New Normal.” As per McAfee’s Cloud Adoption & Risk Report, Microsoft reported its Cloud Services growth as high as 775%. As cloud service adoption increased, so did threats aimed at cloud services with a higher concentration on collaboration services like Microsoft 365. Most cloud computing security risks are related to cloud data security. Lack of data visibility, limited control of data, or data theft in the cloud, most issues circle back to the data placed in the cloud.
Cloud Data Risk – The Key Factors
- Personal Apps Connected to the Enterprise Cloud
Using personal applications on corporate devices is widespread. Most of these apps are vulnerable, putting sensitive data at risk and causing various malware attacks on cloud services exploiting user trust. For example, it is common for any user to have two Microsoft OneDrive applications on the device– personal and corporate. The chances of uploading sensitive enterprise data files to the personal OneDrive are highly likely.
- Enterprise Cloud Apps Exposed to Third Parties
As enterprises start using their cloud applications with external agencies, data exposure increases. Enterprise security teams provide third-party vendors with highly privileged roles on cloud applications. Sometimes, the breach might happen after the data has left the cloud and moved into the vendor agencies’ systems. The security concern is that once sensitive data leaves the enterprise, you’ve lost control and visibility of your data.
Security teams need to focus on reducing third-party data exposure in their cloud environment and beyond.
- Misconfiguration of Access Control
External parties access enterprise files and folders using their personal devices, primarily unmanaged and without anti-malware technology. Any malicious file uploads to the folders can pose a colossal data security risk.
Microsoft 365 allows your users to collaborate with external parties beyond organization perimeters in applications like Teams, OneDrive, and SharePoint. The users can share a file or even a folder, which provides access to all the files residing on the folder and subfolders and new files created in those folders. IT security groups need to control the access and monitor the actions performed on these files and folders.
The Data-Centric Approach
It is cumbersome to constantly chase data as it moves around within the enterprise, to the cloud, and beyond. Enterprises need to be confident that sensitive data is protected- whether it travels across the cloud or third-party systems. The data-centric security approach is the only option that embeds security controls in the data itself while data-at-rest, in-transit, and at-work, stops the data chase. A solid data-centric security approach to the cloud involves:
- Reducing Data Access & Footprint: Users are often assigned unnecessary privilege access increases the risk of a data breach. It is critical to assign the proper access to prevent users from exposing or stealing data. Also, simply reducing or removing the data stored in the Cloud account can stop data misuse.
- Detecting and Classifying Data: Assign a DLP/CASB policy to detect sensitive data like credit card data (PCI), customer data, personally identifiable information (PII), or any other data as per company policies. The standard blocking feature of DLP/CASB systems ensures confidential information stays contained. But blocking data hinders collaboration making the data useless.
- Encrypting Data and Embedding Security Controls into the Data: Encryption and rights management systems integrated with CASB systems and cloud services can automatically encrypt the data add access and usage controls to “discovered” data in the endpoint, email, and cloud. Employees can collaborate and continue working securely because the data is protected before leaving the enterprise.
Data-Centric security – The Only Option
The top reason to adopt data-centric security solutions for the cloud is to regain data control. The security controls travel or reside with the sensitive data, regardless of device, OS, or platform. Microsoft 365 integrated with the Rights Management solution provides automatic protection as soon as documents are uploaded into Microsoft Teams channels or SharePoint Online. The user need not worry about manually protecting documents or deciding which security policy to apply. By attaching usage controls to sensitive emails and documents, users can confidently collaborate on the cloud.
Learn more about the best-in-class rights management solution to protect sensitive data on Microsoft 365. Watch Video:
(Disclaimer: The logos used in the graphics are for representation purposes only. The information in the graphics is intended for informational and educational purposes only.)
This article, written by Sanchari Mitra, was published on the ET Insights website on May 26, 2021.