Privacy, AI, and automation in the multi-cloud era

Satyavathi Divadari, Chief Cyber Security Architect, CyberRes
Madhukeshwar Bhat, Director, Chapter Development, Cloud Security Alliance

Cloud has become an integral part of enterprise business strategy. Research firm Gartner predicts that 85% of organizations will embrace a cloud-first strategy by 2025. As part of that, multi-cloud adoption is increasing, and so are the risk factors for your data.

The Cloud Security and Technology Maturity Survey from the Cloud Security Alliance (CSA) names these as the primary factors leading to the rise in multi-cloud adoption:

  • Leveraging best-in-class features from cloud service providers: 29% 

  • Avoiding vendor lock-in: 21%

  • Reducing cloud concentration risk: 16%

Even given all the benefits, however, multi-cloud comes with its own risks, for data security in particular. Here are some ideas for how to manage it.

Multi-cloud data visibility and privacy management 

Managing data across multiple cloud platforms is a daunting exercise. Discovering and classifying enormous amounts of data spread across different environments is a huge challenge. And beyond all that, you need to manage regulatory compliance as required by the General Data Protection Regulation (GDPR), the California Privacy Rights Act (CCPA), and other relevant laws. 

Data discovery solutions can identify and classify personal and sensitive information with in-built regulatory mappings; these tools are highly useful for managing multi-cloud.

Comprehensively handling data encryption or data masking to protect data across clouds or on premises is essential. Leveraging security solutions such as cloud access security brokers, which sit between the cloud and your on-premises gear, can help to enforce your policies around data security.

Having comprehensive data privacy and protection methods across an organization helps reduce costs, complexities and, in turn, your risk.

Data-centric or identity-centric zero trust

According to the CSA's survey, some 73% of organizations are planning and designing a zero-trust strategy. With strengthened data privacy and protection regulations such as GDPR and CCPA, a privacy-by-design strategy is more important than ever. According to the CSA's research study, around two-thirds (63%) of organizations are either planning or implementing privacy-by-design strategies.

While zero trust is not new, rapid cloud adoption and the pandemic-induced rise in the number of employees working from home have increased its use. Organizations are moving beyond network-based trust enablement, a highly mature methodology, according to the study.

Data-centric or identity-centric zero-trust strategies are emerging to address these dynamic changes, including providing least privileges and allowing data access only for verified users and only to confirmed data sources.

Mitigating risk exposure with intelligence and automation

Intelligence and automation can help you manage your cloud. These powerful capabilities include data discovery and protection, application vulnerability identification, identity governance, and intelligent threat management. By automating security processes, organizations can reduce risk, increase operational efficiency, and free up vital personnel to focus on higher-value tasks.

These are other, related tools you should adopt:

  • AI-driven data discovery can build a rich inventory of customer data, automatically discover sensitive data across all repositories, reduce your data footprint, and lower TCO.

  • Secure your data analytics to automatically encrypt or anonymize sensitive data in files, databases, applications, and analytics platforms so that business workflows continue to operate, and data continues to be usable. If exfiltrated, the encrypted data is useless to the cyber attacker.

  • Automated DevSecOps leverages security integration in DevOps pipelines for risk identification, enforcement, and remediation. It also optimizes the power of automation for agility, speed, innovation, and delivery.

  • Automated identity includes credential creation, assignment of logical and physical access rights, and management and governance of these credentials. These lifecycle-based, analytical, and machine-learning-aided capabilities provide visibility and control while reducing risk.

  • Intelligent threat detection and response increases cyber resilience with an integrated framework that contains machine-learning-based threat intelligence, advanced threat detection, and automated response using prescriptive workflows. These capabilities eliminate inefficiencies, reduce time to detection, and improve response time when dealing with advanced threat actors.

Cloud is about shared security

Embarking on a cloud journey is exciting. The sheer pace at which it enables innovation is even more exciting. Multi-cloud models expand this even further.

While many argue that the cloud platforms have inherent native security controls and you needn't bother to implement your own, you need to remember cloud is all about shared security. It is time for organizations to take multi-cloud security seriously to protect themselves as they enjoy the benefits of the multi-cloud era.

Madhu Bhat, director of chapter development at the Cloud Security Alliance; Vinodh, practice partner at WIPRO; and Ramsés Gallego, international CTO at CyberRes, will be discussing these topics in a panel discussion, "Privacy Enablement and Artificial Intelligence in the Multi-Cloud Era," on May 10, 2022.
