10 Tips for Taking Back Control of Your Data
Ask the cloud providers and developers who will configure your virtual networks on cloud platforms and how the network is designed. Gain assurance that your data isn’t just thrown into the cloud.
Get familiar with data-centric security tools that work in and outside the enterprise walls, in particular, cloud data encryption.
When it comes to encryption of data at rest in a cloud environment, pay attention to who owns the keys and where those keys reside.
Develop a security platform that allows the enterprise to implement a consistent policy across multiple cloud services, preferably one that does not involve complex key management.
Data in-use is, effectively, the data that has been loaded into a process and is in the memory of the program that is running. They’re in the clear while being processed and not protected by in-cloud based encryption that the cloud service provider uses. Make sure you own the entire encryption process of this data.
Consider tokenization as a means of protecting cloud data. Although it’s in the news mostly as a way to protect payment-related data, such as Apple Pay, large enterprises use tokenization more broadly to secure all sorts of data in the cloud.
Data flows will bypass desktops and be processed and stored exclusively on mobile devices such as tablets and phones, so take control of mobile data flow.
When choosing a cloud security solution, be sure to select one that takes full advantage of cloud SaaS functionality without compromising user functionality and still maintaining the strongest possible security and data control.
Understand what legal and regulatory data compliance requirements there are for the types of data being stored in the cloud. Ask who is responsible for ensuring that legal and regulatory data compliance and privacy laws are addressed.
Look at your business contracts, the method of sharing data with your business customers, and consider the types of information exchanged. Sensitive information and intellectual property may require certain treatment. Industries, such as banking and health care, have specific legal and regulatory restrictions and protections.