Voltage Security recently released the results of an industry survey in which 62% of senior-level IT and security respondents said they think the Government snoops on cloud-based company information. Even more disturbing, more than half of respondents in the survey work for large fortune 500 companies. These results indicate the critical need to protect sensitive cloud-based information from exposure; no matter who the potential intruder may be.
Dave Anderson, Senior Director at Voltage Security commented: “Any sensitive information, including financials, customer and employee data or intellectual property needs to be protected across the entire lifecycle of that data.” The loss or exposure of sensitive corporate or customer data can have dire consequences. The exposure of sensitive data can ruin a brand that took years to build, within hours. Security of data should be of the highest concern to every corporation that considers itself responsible. The recent revelations about NSA snooping should only solidify the need for further security of cloud-based data.
An organization’s data protection strategy must include proactive data protection controls, which enable the security professional to supervise and manage how cloud-based data is secured. Encryption, tokenization, and data masking are all tools in the security professional’s toolbox and all should be utilized in order to ensure data security.
The belief is growing stronger that security, privacy and compliance are not just a tactical, ‘check the box’ activity that everyone has to do, but rather is a strategic process that is of the utmost importance to limit liability.
“Supervisory data protection controls can deliver and maintain compliance with sanctioned government regulations, and avoid any unnecessary ad-hoc snooping and surveillance activities,” said Anderson, Senior Director at Voltage Security. Privacy and security must be effectively balanced with regulatory compliance as part of a comprehensive data protection program. The ability to ‘de-identify’ information, either through encryption, tokenization or data masking provide very effective mechanisms to secure sensitive data.
This strategy inherently provides an underlying foundation for data privacy while ensuring compliance with governmental regulations. By focusing on security, it ensures that only authorized users have access to protected data. In this day and age, privacy and security must become aligned and work in harmony to secure sensitive data from any outside entity.
As more organizations leverage clouds for data processing and storage, security and privacy become of the utmost importance. The only way to provide the necessary levels of security to guard against data loss, through surveillance, a malicious attack, or an inadvertent disclosure, is through a data-centric comprehensive security program.
Anderson added, “We believe that this approach, which can protect sensitive data across the entire data lifecycle, can allow companies to leverage the benefits of cloud adoption, and ensure their sensitive data is protected from any prying eyes. This approach can completely change the negative view of 62% of companies regarding the security of their data in the cloud.” By having a security program in place corporations may be able to protect themselves from the prying eyes of government snoops.