
Data-centric cloud security - protect what matters most on the cloud!

Supreeth Rao

Cloud data is becoming critical to enterprises as businesses become more data-driven. At the same time, data breaches and exfiltration attacks are on the rise. Cloud security tools exist, and cloud providers offer their own controls, but they flag too many issues and give too little context about how the data itself is being secured.

Data and access are critical assets that every business needs to protect. A security program that is not built around how data and access are protected becomes just another project competing for attention in the organization, and justifying its ROI is always tricky.

Data-centric cloud security means securing the cloud with data context driving the security and protection controls. An enterprise that adopts a data-centric approach first gets to see where its most critical or sensitive data lives across its cloud deployments. Once the crown jewels are known, access to those data assets and the risks that expose them can be prioritized. Data-centric cloud security makes data context the pivotal pillar that drives cloud security outcomes. Every enterprise data surface has its own complexities; knitting them together creates the understanding needed to secure cloud data.

  1. Data contents and inventory: Every data store, whether an object store, a DBaaS, a cloud data warehouse, or data transacted over an API, holds different records or entities. Some may contain PII, PHI, or entities that are key to the business. Inventorying the data based on its contents and its impact on the business is the essential first step.
  2. Remediation based on the financial impact of every data risk: Once the impactful, critical data is identified, the risks to that data are easy to prioritize. Rather than painting risks to cloud infrastructure with the broad, generic brush of ‘critical, high, medium, etc.’ labels, the key next step is giving security leadership a way to understand the impact of not fixing a data risk and using that impact to prioritize. Expressing impact as the estimated financial liability of each data risk makes the ranking very predictable.
  3. Harmonized access controls based on data: Each cloud data store has different security controls. A cloud data warehouse’s controls for access or encryption are not the same as an object store’s. Enterprises need to look at these controls in a harmonized way, abstracting away the technicalities, since security intent is always expressed in terms of data and access, never in terms of how, or with which technology, the data is stored.
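The three steps above, worked through as an added example that is not Theom's code or any cloud provider's API: a constructed inventory of three store types, store-native control flags (illustrative names, not real provider settings) harmonized into two technology-neutral intents, and findings ranked by an estimated per-record liability (hypothetical figures) instead of a generic severity label.

```python
from dataclasses import dataclass

# Hypothetical per-record liability estimates (USD); tune to your own breach-cost model.
LIABILITY_PER_RECORD = {"PII": 150.0, "PHI": 400.0, "BUSINESS": 50.0}

@dataclass
class DataStore:
    name: str
    kind: str          # "object_store", "dbaas" or "warehouse"
    records: dict      # entity class -> number of records found by classification
    controls: dict     # store-native control flags (names are illustrative only)

def harmonize(store: DataStore) -> dict:
    """Translate store-specific controls into two technology-neutral intents."""
    c = store.controls
    if store.kind == "object_store":
        return {"encrypted": c.get("server_side_encryption", False),
                "access_restricted": c.get("public_access_blocked", False)}
    if store.kind == "dbaas":
        return {"encrypted": c.get("encryption_at_rest", False),
                "access_restricted": not c.get("publicly_accessible", True)}
    if store.kind == "warehouse":
        return {"encrypted": c.get("encrypted_storage", False),
                "access_restricted": c.get("network_policy_enforced", False)}
    raise ValueError(f"unknown store kind: {store.kind}")

def exposure_usd(store: DataStore) -> float:
    """Estimated liability if everything in this store were exposed."""
    return sum(LIABILITY_PER_RECORD.get(cls, 0.0) * n for cls, n in store.records.items())

def rank_risks(stores):
    """One finding per unmet intent, ordered by estimated liability (highest first)."""
    findings = [(s.name, intent, exposure_usd(s))
                for s in stores
                for intent, met in harmonize(s).items() if not met]
    return sorted(findings, key=lambda f: f[2], reverse=True)

# Constructed inventory standing in for what a classification scan would produce.
SAMPLE_STORES = [
    DataStore("customer-exports", "object_store", {"PII": 200_000},
              {"server_side_encryption": True, "public_access_blocked": False}),
    DataStore("claims-db", "dbaas", {"PHI": 50_000, "PII": 50_000},
              {"encryption_at_rest": False, "publicly_accessible": False}),
    DataStore("analytics-wh", "warehouse", {"BUSINESS": 100_000},
              {"encrypted_storage": True, "network_policy_enforced": False}),
]

if __name__ == "__main__":
    for name, intent, usd in rank_risks(SAMPLE_STORES):
        print(f"{name:18} {intent:18} est. liability ${usd:,.0f}")
```

Note that the unencrypted DBaaS ranks above the unrestricted warehouse purely on liability, which is the ordering a severity-only label would not give you.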

To conclude, a data-centric cloud security approach starts with the data, enabling enterprises to understand the contents and impact of every data asset. Tying the access and security controls back to that data improves visibility of the data surface and builds a complete picture of the data context. Associating a quantifiable impact with every data risk and vulnerability turns cloud security into an inside-out problem, with data context driving the solution.

Theom is a cloud data protection platform specialized for cloud stores like Snowflake, Databricks, AWS, Azure, and GCP. Theom enables enterprises to align security controls to protect their data against data breaches in a data-centric manner. 
