Anywhere, Anytime Data Protection in the Cloud
Is your company data safe from prying eyes? If one of your key employees left, would you be able to immediately block access to protect your confidential business information?
Before cloud services and bring-your-own-device (BYOD) became widespread in the workplace, who was responsible for data protection was rarely an issue: it was clearly the company’s sole responsibility. Now that companies increasingly rely on outside parties and a portfolio of SaaS services to deliver basic IT services, and allow staff to use their own equipment, the answer is far murkier.
The first step in securing company data is having a good understanding of where the data resides and who has access to it. By identifying the different roles in the organization and limiting each role’s exposure to only the data employees need to do their jobs, business risk can be substantially reduced with minimal impact on productivity.
For example, sales managers can and should have access to their own accounts, but do they really need to be able to view all accounts? Probably not. Once the basic role-based access controls (RBAC) have been implemented, the next step is to apply the rules to the systems, applications, and devices.
Much has been written about the rapid adoption of mobile BYOD devices in the enterprise. One of the biggest concerns has been the fear that company confidential information is on these devices. The risk is twofold: the device can be stolen, and it is a path for data leakage. Since the company does not own these devices, the question becomes just how much control the company has over them.
Good Technologies, which just landed $50 million in new funding, is a good solution for companies able to demand tight controls. The user experience might not be ideal, but many companies are limiting access to sensitive data simply by using only web portals where it is far easier to implement strict RBAC server-side controls.
Another approach is to create a virtual desktop on a mobile device. This might not be practical for companies that have a high percentage of personally owned devices and contractors and agents who do not work directly for the company.
One of the best ways of taking control of sensitive company data is moving the data to a SaaS delivery model. At first, this might sound odd because SaaS is typically hosted in the public cloud, which is often viewed as inherently insecure. However, because SaaS is by its very nature a multi-tenant environment, the vendors need to take special care to provide tight access controls.
Most companies, such as Salesforce, have elaborate user account functionality that can be used to implement RBAC. For companies that are even more paranoid, turning the application into a modern version of a terminal by limiting report download capabilities, securing any generated PDF files, and even disabling the print screen function are all viable possibilities.
For military-grade secure access, files can be encrypted and will only be viewable if the user is connected to the proper secured network and the key to unlock the file is delivered within a certain time frame.
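A minimal sketch of the key-release gate described above, added here as an example and not taken from the original article or any vendor's product. The network range, the 60-second window and all function names are assumptions; the point is that the file key stays on the server and is released only when the network check and the time-limited grant both pass.

```python
import hashlib
import hmac
import ipaddress
import secrets

MASTER_KEY = secrets.token_bytes(32)   # stays on the key server, never stored with files
GRANT_KEY = secrets.token_bytes(32)    # signs short-lived access grants
SECURED_NET = ipaddress.ip_network("10.20.0.0/16")  # constructed range for the secured network
WINDOW_SECONDS = 60                    # assumed validity window for a grant


def _grant_tag(user, file_id, expires_at):
    # repr() of the tuple gives an unambiguous encoding of the three fields
    msg = repr((user, file_id, int(expires_at))).encode()
    return hmac.new(GRANT_KEY, msg, hashlib.sha256).hexdigest()


def issue_grant(user, file_id, now):
    """Issue a grant after the RBAC check has passed; returns (expires_at, tag)."""
    expires_at = int(now) + WINDOW_SECONDS
    return expires_at, _grant_tag(user, file_id, expires_at)


def release_key(user, file_id, expires_at, tag, client_ip, now):
    """Return the per-file key, or None if any condition fails (deny by default)."""
    # client_ip must come from the transport connection, not a client-supplied header
    if ipaddress.ip_address(client_ip) not in SECURED_NET:
        return None
    # The tag binds user, file and expiry, so none of them can be altered by the client
    if not hmac.compare_digest(tag, _grant_tag(user, file_id, expires_at)):
        return None
    if now > expires_at:
        return None
    # Per-file key derived on demand from the master key
    return hmac.new(MASTER_KEY, file_id.encode(), hashlib.sha256).digest()
```

Because the expiry is covered by the HMAC tag, a client cannot extend its own window, and a copied file is unreadable once the grant lapses or the device leaves the secured network.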
In many ways, precisely because the cloud is perceived as insecure, applications in the cloud end up being more secure.
Are you ready to risk putting your company’s sensitive data in the cloud?