A Question Of Priorities: Where Should Cloud-Centric Organisations Focus Data Protection?

By Anurag Kahol, CTO, Bitglass.

  • 2 years ago Posted in

For many organisations, creating an effective data protection strategy to support the adoption of remote work and cloud infrastructure is becoming increasingly urgent. But in working to mitigate risks and build robust processes, IT leaders face a range of challenges, and getting the priorities right is key to overcoming issues as varied as data leakage, compliance, and access control--all while maximising user experience.

So, where should they start? And what are the main data protection challenges that can threaten the integrity, management, and security of distributed data?

Challenge 1: Removing the risk of hidden data loss in encrypted traffic – When workers were in the office and connected directly to the company network, data and applications resided in central data centres, encrypted traffic was limited, and, as a result, on-premises security solutions were sufficient. However, with the move to the cloud, the use of the web, and the widespread adoption of remote working, encrypted traffic has shifted from the exception to the rule. If current data protection solutions don’t identify and control sensitive data in encrypted traffic, they will miss the majority of sessions in which data exposure and misuse is a possibility, leaving the organisation vulnerable to data loss and breaches.

Solution: Stolen data is often disguised and sent uninspected through SSL, and according to a recent Google Transparency report, 95% of traffic is encrypted and therefore not subject to inspection by traditional DLP solutions. This is potentially disastrous, as partial inspection of traffic leaves businesses vulnerable to data loss, meaning sensitive data passing through may be missed. Consequently, organisations need cloud and web security solutions that can inspect every byte outside the network and beyond the scope of legacy technologies. With this approach, they can ensure that data within encrypted traffic is secure.

Challenge 2: Closing gaps between data protection services – With the move to the cloud, data is distributed across diverse SaaS, IaaS, web, and on-premises environments. Naturally, each of these needs effective data protection. As a result, organisations are adopting cloud access security brokers (CASBs) to secure managed SaaS applications and IaaS platforms, cloud security posture management (CSPM) to scan IaaS instances for costly misconfigurations, secure web gateways (SWGs) to secure the web and unmanaged apps (shadow IT), and zero trust network access (ZTNA) to secure residual on-premises resources as they are accessed remotely. However, this complexity makes data protection uniformity and solution management challenging, and can waste time and money while creating gaps in visibility and control across resources.

Solution: Unified protection, whereby a consistent level of security is provided to all interactions across ecosystems, can be achieved by adopting a comprehensive security platform built in and delivered through the cloud. Today’s market-leading technologies can monitor data in transit and at rest within IT resources through capabilities like cloud DLP and ATP. Consistent, easily managed security across all interactions is key.

Challenge 3: Avoiding poor user experience: With workers and the resources they access and use to do their jobs moving off premises, a major element of core infrastructure is now the internet itself. One of its downsides, however, is that this approach limits IT’s ability to anticipate, identify, and mitigate issues with their legacy security stack. Additionally, when the majority of services, solutions or applications used by workers are out of the organisation’s control, it becomes more difficult to ensure that employees have a good user experience and maintain productivity while data stays safe.

Solution: Many appliance-based security offerings require traffic to be backhauled to a central data center, creating bottlenecks and causing latency, which directly impacts user experience and productivity. A platform that embraces the concept of secure access service edge (SASE) puts data security as close as possible to the user, reducing latency and significantly improving the user experience.

Challenge 4: Eliminating compliance violations across the cloud: Failing to meet and maintain required industry regulations can result in significant fines and even loss of business. With data distributed across SaaS, IaaS, the web, and a myriad of devices with remote access to enterprise networks, visibility and remediation for compliance purposes are reduced, potentially putting your company at risk.

Solution: By obtaining unified visibility and control across the entire IT ecosystem, a range of key compliance standards (PCI DSS, HIPAA, and GDPR, and others) can be met, minimising the risk of compliance violations in today’s complex environments. This is done through, once again, through integrated platforms that boast a variety of functionality (DLP, IAM, CSPM, and others) which can ensure that specific regulatory requirements are addressed.

By including these important considerations in data protection strategy planning and execution, organisations can embrace digital transformation with confidence. In doing so, they can close gaps between data protection services, minimise risk, achieve compliance, and deliver a consistently strong user experience.


By Gareth Beanland, Infinidat.
To ensure full confidence that your documents, spreadsheets, and correspondence are kept safe,...
By JG Heithcock, General Manager of Retrospect, a StorCentric Company.
Michael Del Castillo, Solutions Engineer, Komprise, looks at how to design a cloud storage strategy...
By Ezat Dayeh. Senior Systems Engineering Manager, Western Europe at Cohesity.
The past year significantly changed the way organisations protect and store their data. By Joe...
By Rainer W. Kaese, Senior Manager Business Development, Storage Products Division, Toshiba...
The popularity of containers first emerged with Docker in 2013, although the system as we know it...