Photo: Stree Naidu
2014 has brought a wake up call on data security. An onslaught of hacker incursions including Apple's iCloud hack, JP Morgan Chase, M1 Telco and most recently the Dropbox hack have caught the attention of the corporate world. Now every board and CEO must be sitting on the edge of their seat, fearing that their cloud-based systems are not as 'bullet proof' as they have boasted or hoped.
Keeping up with the cloud
Let's face it; data security is an issue for all of us. We're living in a digital age where consumers and corporations alike are accessing growing amounts of data through mobile devices and laptops. Today, we rarely choose to send photos via email; we no longer use USB drives to carry files; we enjoy the perks of completing a bank transfer on our mobile devices. The cloud has become a place where everyone meets and exchanges, it has also become a place where our most valuable data is being stored. We are growing accustomed to the idea of unlimited data in the cloud at little or no cost.
But while our demand for the cloud increases, the security architecture to protect our critical data sometimes falls short. This plays well into hackers' hands, serving as low-hanging fruit. Online thieves have not just become more discriminating in the techniques they use, they have also become more discriminating in who they go after, seeking out organisations that are most likely to be rich in the sensitive data they want to steal.
Protecting your data where it matters most
The way I see it, hacker expertise is racing ahead and we need to keep up in order to keep data safe. It's fast becoming 'when' and not 'if' a security breach will happen and today's solutions that focus on endpoint and network security are no longer sufficient.
It's time we protect what these intruders are really afteryour company's data, beyond the password and the firewall but at the data centre level. It's like protecting a home. We've built great fences, branded fences in fact from the who's who in the industry. But have we locked each room? Have we made sure that the valuable data in each room is secured and accessed by only the right people and the right organisations?
A layered approach
No company is too small to be at risks. As threats constantly evolve and the data security environment becomes more predictable, we need to be proactive in protecting ourselves through awareness and technology.
These are some of the steps that enterprises can take for better protection of data in the cloud:
- Know your data: The first step in protecting your data is in knowing where it is, and who has access to it
- Improving your internal data controls: Set up controls to watch for data transfers. Audit and deploy behaviour alert systems to flag abnormal behaviour from a user with privileged access
- Staff knowledge: Educating staff about the importance of data protection is key to guard against abuse
- Lock it down: Ensure you have a secure data centre system to store and protect sensitive assets
Sign up for CIO Asia eNewsletters.