Rethink cloud data security from an access point of view
November 2020 / 6 min. read
‘How can I make my cloud environment more secure?’ It’s a common question from enterprise organizations, and the right one, but it is too often answered incompletely. That’s because the overriding answer is to adopt a cloud native mindset: instead of thinking in terms of privileged access management, think Cloud Access Management. When you do that, securing your sensitive data looks different from how it ever has in the past.
Define sensitive data
Sensitive data does not only mean customers’ PII (Personally Identifiable Information). It’s all valuable data within your organization, including financial, operational, R&D, trade secrets, and other data subject to regulations and control requirements such as personal health information. Regulated data like this tends to be where organizations focus 99% of their time, while overlooking security holes within other data types.
That’s not to say all data is equal when it comes to privacy and protection. It’s not. It’s up to each organization to decide where they are prepared to accept risk and how much, in relation to the information they’re storing.
Protecting data the legacy way
In the confines of a legacy network, organizations used to focus on endpoint security, VPNs, DLP, firewalls and other tools for containing data. Applying this approach in an ever-expanding multi-cloud world, where users access systems and machines talk to machines, provides countless opportunities for mishap, from malicious actors behind cloud environment breaches to simple mistakes like deployment misconfigurations.
Security must change. But first, to understand what needs to change, it’s worth noting how enterprises store business data today.
Storing data in public cloud technologies
Data stored in public cloud platforms like Google, AWS and Microsoft Azure often requires a DaaS (Data as a Service) solution for mining, extracting and analyzing it. These include Snowflake, Amazon Redshift, Google BigQuery, Cloudera, SAP Hana and Databricks, to name a few. Then there’s a whole range of front office applications that your workforce relies on to surface information as part of daily interactions with colleagues, customers and partners. For example, Salesforce, Workday and SAP Cloud are all popular SaaS (Software as a Service) systems.
Finally, there are a whole host of app integrations with the above systems that add or extend their functionality. Dropbox, Box and OneDrive are examples of collaboration apps.
As you see, the list of places where people are storing and sharing data is growing at a pace enterprises cannot afford to ignore. The way data is being accessed also needs to adapt to accommodate users on various devices and in multiple locations. Microsoft Active Directory as a single source of truth for IT services isn’t flexible enough to support this new identity and access management activity or keep up with the growing number of potential threats.
Protecting sensitive data in a multi-cloud environment
Wouldn’t it be great to be able to trust the good intentions and the best practices of every person authorized to access your corporate information? That’s not the world we live in. It’s time to start protecting sensitive data with an identity-centric mindset focused on Zero Trust: a model where no user or machine ID is trusted by default with access to your sensitive data.
Britive is a part of the security movement to a zero-trust enterprise security model where Just in Time (JIT) access ensures users are dynamically granted transient access, without relying on email login. Access is automatically rescinded as soon as the task is completed or the session expires, leaving Zero Standing Privileges (ZSP).
When Security and IT leaders undertake Identity Access Management (IAM) from a Zero Trust standpoint, it makes sense for privileged access to be transitory. Granting temporary privileged access to human and non-human users instead of “always on” credentials helps enterprises maintain a consistent state of least privilege, significantly reducing the cyber risks associated with over-privileged accounts. With thousands of temporary access requests a day, that model has to be intelligent and automated. For truly effective cloud access management today, Permissioning has to be dynamic.
Dynamic Permissioning
Dynamic Permissioning is designed to protect all your sensitive data, all the time, in a cloud enterprise environment. Britive’s dynamic permissioning platform automatically grants user and machine ID access privileges at precisely the moment they are needed and retracts them on completion of the task. Policy-based pre-authorizations for specific tasks and roles allow access requirements to be right-sized and specified to the minute, completely removing the need for permanent access. If a specific member’s tasks and roles meet the policy requirements, they are granted access instantly and effortlessly, vastly simplifying the whole access management process.
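The grant cycle described above (policy pre-authorizes a task for a role, the requested duration is right-sized to the policy cap, access is rescinded on task completion or session expiry, and an audit confirms Zero Standing Privileges) as a small model. This is an added example, not Britive's code; the task name, groups, the injected clock and the "svc-legacy" always-on account are constructed for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Pre-authorization: a task maps to one role, the groups allowed to request it, and a max TTL.
Policy = namedtuple("Policy", "task role allowed_groups max_minutes")

@dataclass
class Grant:
    principal: str
    role: str
    expires_at: Optional[datetime]  # None models a legacy "always on" entitlement
    revoked: bool = False

class DynamicPermissioning:
    def __init__(self, policies, now):
        self.policies = {p.task: p for p in policies}
        self.now, self.grants = now, []  # injected clock keeps expiry deterministic
    def request(self, principal, groups, task, minutes):
        """Grant the policy's role only if the task is pre-authorized for one of the
        caller's groups; the requested TTL is right-sized down to the policy cap."""
        policy = self.policies.get(task)
        if policy is None or not (set(groups) & policy.allowed_groups):
            return None
        ttl = min(minutes, policy.max_minutes)
        grant = Grant(principal, policy.role, self.now + timedelta(minutes=ttl))
        self.grants.append(grant)
        return grant
    def complete(self, grant):
        grant.revoked = True  # task done: rescind now instead of waiting for expiry
    def effective_roles(self, principal):
        return {g.role for g in self.grants if g.principal == principal and not g.revoked
                and (g.expires_at is None or g.expires_at > self.now)}
    def standing_privileges(self):
        """ZSP audit: principals holding live grants that never expire."""
        return [g.principal for g in self.grants if not g.revoked and g.expires_at is None]

def demo():
    """Constructed scenario; returns what each step observed so it can be checked."""
    dp = DynamicPermissioning([Policy("rotate-db-creds", "db-admin", {"dba"}, 30)],
                              datetime(2020, 11, 1, tzinfo=timezone.utc))
    denied = dp.request("alice", ["dev"], "rotate-db-creds", 10) is None  # not pre-authorized
    g = dp.request("bob", ["dba"], "rotate-db-creds", 120)                # capped to 30 min
    ttl, active = int((g.expires_at - dp.now).total_seconds() // 60), dp.effective_roles("bob")
    dp.now += timedelta(minutes=31)                                       # session expires
    after_expiry = dp.effective_roles("bob")
    g2 = dp.request("bob", ["dba"], "rotate-db-creds", 5); dp.complete(g2)
    after_complete = dp.effective_roles("bob")
    dp.grants.append(Grant("svc-legacy", "db-admin", None))  # constructed always-on account
    return denied, ttl, active, after_expiry, after_complete, dp.standing_privileges()
```

The final audit call is the check a defender would run continuously: any principal it returns still holds an "always on" privilege and is outside the Zero Standing Privileges model.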
The category-defining technology underpinning the Britive platform centralizes the control of privileged access for human and non-human users across multiple public cloud platforms, apps and devices. This Cloud Security 2.0 approach to privileged access management liberates Security and allows DevOps to operate fully in a secure environment that protects sensitive data of all types.
The 1,2,3 of data protection
Only through a combination of...
- centralized visibility
- real time behavioral analysis, and
- dynamic allocation of access privileges
...can organizations truly achieve an IAM solution guaranteed to protect your sensitive data in the public cloud.