Securing Data in the Cloud

Uploaded on 2016-11-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Storing data in the cloud is standard practice in today’s enterprise. What was once stored on premises is no longer and while now commonplace, the security of data in the cloud is not something to take for granted or to become complacent about.

But how do CIO’s keep company data safe from the threats hidden in VPN’s, downloads and apps?

Many think the immediate and only answer is in the encryption of that data. Encryption definitely has its advantages including its level of complexity makes access harder for threat vectors and it’s more secure than unencrypted data, as long as keys are stored separately and it is updated regularly. However, encryption is better suited for data that is not accessed very often, contradicting the very benefit of storing data in the cloud, easy access, anytime, anywhere.

As more and more daily business is done in the cloud and the use of remote access and BYOD increases, enterprises need to be concerned more than ever about security. External threats are widely known but threats are not just external as many data breaches come from within the organisation. Weak or stolen user credentials are hackers preferred approach and are found in more than 75 percent of all network breaches.

For this reason, just encrypting the data itself is not enough. Monitoring and access control need to be a big part, almost a requirement, of keeping cloud data safe. Organisations need to know who has accessed what, where from and what they are doing with that data, and if the person accessing the data is even allowed to access that particular data.

Data security needs to be a layered approach and one of the layers that can safeguard encryption and provide visibility on employee app use is multi-factor authentication technology that allows controlled access to the data by ensuring that only the right people have access to that data.

Multi-factor authentication technology offers security that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for logins and other transactions.

Multi-factor authentication not only provides organisations with the highest level of factors to validate a user’s identity, it looks at multiple factors surrounding each particular login. These factors include geo-location, network IP, type of system being accessed, time of login etc. wherein all of these factors add context that help to determine the level of trust and whether the user should be authenticated or blocked, which provides organisations with increased confidence that their data is safe.

The majority of data breaches involve the use of valid credentials that are misused including employees accessing third-party resources, downloading apps where work data is being shared to access from remote locations or credentials that have been lost or stolen. It is clear that even if data is encrypted, if someone has access to the data in an uncontrolled way, organizations are still vulnerable.

In fact, ABI Research, also supports the value of multi-factor authentication stating in a recent report, “Enterprises are finally realizing that they should not view MFA as a luxury security technology, one only for IT personnel, managers, and C-Level executives.

With the BYOD culture in enterprises, it is becoming a necessity for businesses to deploy newer authentication technologies to fight detection-resistant malware, phishing attacks, credential theft, rootkit deployments, cross site scripting, and other threats.”

In our world of ever changing cyber threats, to be able to truly exploit the value of the cloud and use the data stored within, organisations need to look beyond the protection that encryption provides and consider multi-factor authentication as it provides the link between enterprise security and employee authentication in the workplace.

Information- Management:         8 in 10 IT Pros Believe Data Is Cloud Safer:

 

« Cyber-attacks & Hacking: What You Need To Know
Cisco says It Will Make The IoT Safe »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Security Magazine

Security Magazine

Security, the business magazine for security executives, focuses on management issues facing top security professionals and effective solutions being employed, both physical and cyber.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

HelseCERT

HelseCERT

HelseCERT is the health and care sector's national information security center for Norway.

Jeffer Mangels Butler & Mitchell LLP (JMBM)

Jeffer Mangels Butler & Mitchell LLP (JMBM)

JMBM is a full service law firm providing counseling and litigation services in a wide range of areas including cyber security.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

Intraprise Health

Intraprise Health

Intraprise Health is a Certified HITRUST Assessor and award-winning provider of health information security products and services.

CyberCube

CyberCube

CyberCube provide world-leading cyber risk analytics for the cyber insurance market.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.