The public cloud is used everywhere. In almost all businesses, employees share files through cloud services, teams use apps to keep track of lists and browser plugins regulate traffic to the world outside of the company. The downside is that the IT department can’t really manage this traffic. With these tips, we’ll help you keep your data under control – locally as well as in the cloud.
Some of the companies we visit have a policy forbidding the use of the public cloud. Regardless, many employees tend to use such cloud services – they just make teamwork easier. As a result, when we conduct an assessment for a client, we often find that almost no one sticks to the rules. What can you do to prevent this?
Every single firewall traffic analysis reveals that the HTTPS protocol is used often. This isn’t just due to employees visiting websites: cloud services such as the corporate and private version of OneDrive, Dropbox, WeTransfer, Evernote and GitHub also play an important role. This makes it hard for the IT department to see which services employees really use, which in turn leads to an increased risk of data breaches.
With intelligent firewalls and solutions such as Microsoft Cloud App Security, we can shed light on Shadow IT and help you regain control over the data flowing from your local servers to the cloud.
Moreover, the public cloud is more reliable than many people think. From a technical perspective, the public cloud can be at least as secure as any on-premises solution. Security isn’t just a matter of technology, after all: a cloud environment’s security starts with your employees – or, more specifically, with their awareness of the environment they work in. That’s why we never start a project by implementing tools immediately. Instead, we organise workshops to explain the context and find out which data need to be secured. Developing a user scenario is also an important aspect of these workshops.
With this knowledge, you can implement appropriate rules to give your employees the necessary freedom to act within the business policy. There are several ways to secure your data; the most well-known option is Data Loss Prevention (DLP). DLP scans files and blocks those that contain certain keywords. The difficulty lies in determining the context of these files. As you can probably guess, this is a very error-prone method.
Azure Information Protection approaches things differently and makes it easy to switch to data classification. It automatically (or manually) gives documents a label, such as “HR” or “Confidential”. This creates a clearer overview and makes end users more aware of data. It implements access control and automatically encrypts sensitive data.
The tool prevents employees from sharing documents with the wrong people at the wrong time. You’re in complete control of who can view what when, you can choose whether you’ll grant access to internal employees only or to external parties as well, and you can revoke access rights.
With your data secured, it’s time to consider whether access to your data storage locations is secure as well. You should be able to store data anywhere, on-premises as well as in the cloud, and users should be able to work anywhere. The technical solution to achieve this is implementing Conditional Access rules.
Such rules can depend on location: bank employees in Luxembourg can work with financial data within the country, but not in other countries. If something alarming happens, the system intervenes: for example, if a client logs in from Brussels and then from Berlin half an hour later, their account is blocked due to suspicious activity. Alternatively, an extra security measure may be activated: after they’ve verified their identity through SMS authentication, they can resume using their account.
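The location rule and the Brussels-to-Berlin check described above can be sketched as follows. This is an added example, not code from any product named in this article; the `SignIn` record, the speed ceiling, the distance tolerance, the user names and the coordinates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruise speed
MIN_KM = 100.0   # assumed tolerance for imprecise IP geolocation
@dataclass
class SignIn:
    user: str
    when: datetime
    country: str
    lat: float
    lon: float

def distance_km(a, b):
    """Great-circle (haversine) distance between two sign-ins."""
    p1, p2 = radians(a.lat), radians(b.lat)
    h = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(b.lon - a.lon) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def decide(prev, cur, allowed):
    """allowed: set of country codes for this user, or None if unrestricted."""
    if allowed is not None and cur.country not in allowed:
        return "block"    # location rule: outside the permitted countries
    if prev is None:
        return "allow"    # first sign-in seen, nothing to compare against
    km = distance_km(prev, cur)
    hours = (cur.when - prev.when).total_seconds() / 3600
    if km > MIN_KM and (hours <= 0 or km / hours > MAX_KMH):  # also same-instant sign-ins
        return "step_up"  # impossible travel: ask for extra verification, e.g. SMS
    return "allow"

def review(events, policy):
    """Evaluate events in time order; policy maps user -> allowed countries."""
    last, out = {}, []
    for e in sorted(events, key=lambda e: e.when):
        out.append((e.user, e.country, decide(last.get(e.user), e, policy.get(e.user))))
        last[e.user] = e  # always compare against the most recent sign-in
    return out

# Constructed sample data (not real logs); coordinates are city centres.
D = lambda h, m: datetime(2024, 1, 15, h, m)
SAMPLE = [
    SignIn("client", D(9, 0), "BE", 50.85, 4.35),    # Brussels
    SignIn("client", D(9, 30), "DE", 52.52, 13.40),  # Berlin, 30 minutes later
    SignIn("client", D(13, 30), "BE", 50.85, 4.35),  # Brussels again, 4 hours later
    SignIn("banker", D(10, 0), "LU", 49.61, 6.13),   # Luxembourg, permitted
    SignIn("banker", D(18, 0), "BE", 50.85, 4.35),   # outside the permitted country
]
POLICY = {"banker": {"LU"}}
```

Calling `review(SAMPLE, POLICY)` flags the 30-minute Brussels-to-Berlin jump for step-up verification, allows the return trip four hours later, and blocks the Luxembourg-restricted user when signing in from Belgium.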
In short, data security is more important than ever. Don’t hide behind yesterday’s infrastructure security; instead, dare to think about how you can secure sensitive data outside of your organisation.