SlideShare a Scribd company logo

How to protect encrypt data and avoid data loss prevention on cloud

T
tomascohencs

Policy inconsistencies can occur in two ways. In the first type of inconsistency, there is a high-risk service that is allowed, while another, lower risk service is blocked. In this instance, make a policy decision to block both, allow both, or allow only the lower risk service. All three options would eliminate the inconstancy, but you will need to determine which option makes the most sense for your business. The second type of inconsistency occurs when a service is partially blocked.

Software
1 of 3
Download to read offline
How To Protect Encrypt Data And Avoid Data Loss Prevention On Cloud Detect and remediate policy inconsistencies Policy inconsistencies can occur in two ways. In the first type of inconsistency, there is a high-risk service that is allowed, while another, lower risk service is blocked. In this instance, make a policy decision to block both, allow both, or allow only the lower risk service. All three options would eliminate the inconstancy, but you will need to determine which option makes the most sense for your business. The second type of inconsistency occurs when a service is partially blocked. Sometime there is a legitimate reason for this type of inconsistency (e.g. Marketing needs access to Facebook but other departments do not. More often than not, this type of inconsistency occurs because the infrastructure cannot keep up with the velocity of new cloud services being introduced and used by employees and therefore many service fall in the unclassified category. Using a cloud service management product that has an extensive registry of services and automatically visualizes allowed vs. denied traffic will make identifying both types on inconsistencies simple and will allow you to easily monitor progress resolving the inconsistencies. Search for anomalies in user behaviour When working to reduce the risk of cloud services, much attention is paid to the risk profile of the cloud services themselves. However, often times perfectly safe and secure cloud services can be the source of a data leak if an internal employee is acting maliciously. Unfortunately, no proxy, firewall, or SIEM can alert the organization of malicious use of a legitimate service. So, the best practice is to leverage a cloud services management product that has the ability to identify usage anomalies that are indicative of malicious behaviour. Conduct investigations into anomalous behaviours While a cloud service anomaly, such as the Twitter example mentioned above, is a very good indicator of malicious behaviour, and investigation must be conducted in order to determine the context and intent of the anomalous behaviour. For example, the user associated with the IP address that had 1M tweets may have simply contracted a malware virus that had seized her Twitter account, or she could have
been intentionally leaking confidential data. In most cases, the best practices is to look for a legitimate business use case, compare their activity to benchmarks, and then contact the line of business manager and corporate security to alert them of the issue, monitor their activity, and intervene if needed. Encrypt data going to key services It is prudent to add another layer of security to the most critical cloud services in your organization. The first step is to identify services that are enterprise-critical, blessed, and procured, such as Salesforce, Box, Office365, and Google. Access to those services should require that employees to use their corporate identity and then access to your enterprise's account at the service. For example, their traffic would go to acme.salesforce.com, rather than directly to salesforce.com. This means that you can then control who has access the account, and what happens to the data sent to this service. The best practice is to leverage a reverse proxy to encrypt data sent to these services with your enterprise managed encryption keys. In doing so, you guarantee that even if the provider is compromised, your data will not be. Finally, you will need to ensure that your control is enforced for on-premise to cloud accesses and for mobile to cloud access. This should be done without requiring the traffic from those devices to be back-hauled (through a VPN) into your enterprise edge first to avoid introducing user friction. Doing this will provide 2 distinct advantages. The first obvious advantage is that even if the service is compromised, your data will not be because you hold the encryption keys. The second advantage is that in this era of limited data privacy, this encryption guards against a blind government subpoena. Microsoft, Google, and Box, for example, often receive subpoenas from the government asking for information for a particular company, with a gag order prohibiting them from alerting that company. By encrypting the data that lives within the cloud, the company can ensure that it is notified of any investigation, as it will need to provide the encryption keys to government investigators. Implement Data Loss Prevention (DLP) guidelines to avoid compliance risk Any enterprise that utilizes cloud services should be careful about sending confidential data to the cloud, but if you work in a regulated industry, such as healthcare or financial services you must be extra vigilant. Within a regulated
industry, sending confidential client information to the cloud can result in a serious compliance violation that would damage the reputation of the company and result in serious financial penalties. Specifically, healthcare companies must comply with HIPPA regulations, banks and financial institutions must comply with PCI guidelines and almost every company must comply with SOX regulations. Complying with these regulations. Any company using the cloud must have a DLP strategy in order to comply with these regulations. Proxies and firewalls cannot protect against the incidental transmission of personal information, so your cloud data security management product should be able to provide DLP functionality to help prevent sending confidential client information to the cloud. Track progress regularly Managing the risk of cloud services is not a point in time exercise. You will need to continually monitor the use of cloud services since new services hit the market daily and your employees will constantly seek the latest tools to help them do their jobs. In order to drive a successful and quantifiable risk management program you will need to determine which metrics to track and develop a methodology for gathering the data on a regular basis.

Recommended

Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
Mira Nuraeni
 
Uptown
Uptown Uptown
Uptown
ckelley6
 
Tema: tipometría
Tema: tipometríaTema: tipometría
Tema: tipometría
Montse Villa
 
Classroom management
Classroom managementClassroom management
Classroom management
shahieb sahabat
 
Preliminary Core 1 Better Health for Individuals
Preliminary Core 1 Better Health for IndividualsPreliminary Core 1 Better Health for Individuals
Preliminary Core 1 Better Health for Individuals
s06251
 
Uptown final
Uptown finalUptown final
Uptown final
ckelley6
 
Your Survival Guide to Money and Investing During Retirement
Your Survival Guide to Money and Investing During RetirementYour Survival Guide to Money and Investing During Retirement
Your Survival Guide to Money and Investing During Retirement
Strategic Income Advisors
 
охрана животных
охрана животныхохрана животных
охрана животных
Mariam Ohanyan
 

Recommended

Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
Mira Nuraeni
 
Uptown
Uptown Uptown
Uptown
ckelley6
 
Tema: tipometría
Tema: tipometríaTema: tipometría
Tema: tipometría
Montse Villa
 
Classroom management
Classroom managementClassroom management
Classroom management
shahieb sahabat
 
Preliminary Core 1 Better Health for Individuals
Preliminary Core 1 Better Health for IndividualsPreliminary Core 1 Better Health for Individuals
Preliminary Core 1 Better Health for Individuals
s06251
 
Uptown final
Uptown finalUptown final
Uptown final
ckelley6
 
Your Survival Guide to Money and Investing During Retirement
Your Survival Guide to Money and Investing During RetirementYour Survival Guide to Money and Investing During Retirement
Your Survival Guide to Money and Investing During Retirement
Strategic Income Advisors
 
охрана животных
охрана животныхохрана животных
охрана животных
Mariam Ohanyan
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
WSO2
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by Design
Neo4j
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
OnePlan Solutions
 
What need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java DevelopersWhat need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java Developers
EmilyJiang23
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
Henry Schreiner
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
mbmh111980
 
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfImplementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Victor Lopez
 
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
Alluxio, Inc.
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
rajkumar669520
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdf
Srushith Repakula
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Andreas Granig
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdf
Markus Moeller
 
how-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfhow-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdf
Mehmet Akar
 
Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024
XongoLab Technologies LLP
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdf
Furqanuddin10
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdf
DeskTrack
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024
vaibhav130304
 
A Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data MigrationA Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data Migration
Help Desk Migration
 
Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptx
Mok TH
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
Shane Coughlan
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 

More Related Content

Recently uploaded

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
mbmh111980
 
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
Alluxio, Inc.
 

Recently uploaded (20)

architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
INGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by DesignINGKA DIGITAL: Linked Metadata by Design
INGKA DIGITAL: Linked Metadata by Design
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
 
What need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java DevelopersWhat need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java Developers
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
 
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdfMastering Windows 7 A Comprehensive Guide for Power Users .pdf
Mastering Windows 7 A Comprehensive Guide for Power Users .pdf
 
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfImplementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
 
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdf
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdf
 
how-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfhow-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdf
 
Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdf
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdf
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024
 
A Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data MigrationA Guideline to Zendesk to Re:amaze Data Migration
A Guideline to Zendesk to Re:amaze Data Migration
 
Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptx
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
 

Featured

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

How to protect encrypt data and avoid data loss prevention on cloud

  • 1. How To Protect Encrypt Data And Avoid Data Loss Prevention On Cloud Detect and remediate policy inconsistencies Policy inconsistencies can occur in two ways. In the first type of inconsistency, there is a high-risk service that is allowed, while another, lower risk service is blocked. In this instance, make a policy decision to block both, allow both, or allow only the lower risk service. All three options would eliminate the inconstancy, but you will need to determine which option makes the most sense for your business. The second type of inconsistency occurs when a service is partially blocked. Sometime there is a legitimate reason for this type of inconsistency (e.g. Marketing needs access to Facebook but other departments do not. More often than not, this type of inconsistency occurs because the infrastructure cannot keep up with the velocity of new cloud services being introduced and used by employees and therefore many service fall in the unclassified category. Using a cloud service management product that has an extensive registry of services and automatically visualizes allowed vs. denied traffic will make identifying both types on inconsistencies simple and will allow you to easily monitor progress resolving the inconsistencies. Search for anomalies in user behaviour When working to reduce the risk of cloud services, much attention is paid to the risk profile of the cloud services themselves. However, often times perfectly safe and secure cloud services can be the source of a data leak if an internal employee is acting maliciously. Unfortunately, no proxy, firewall, or SIEM can alert the organization of malicious use of a legitimate service. So, the best practice is to leverage a cloud services management product that has the ability to identify usage anomalies that are indicative of malicious behaviour. Conduct investigations into anomalous behaviours While a cloud service anomaly, such as the Twitter example mentioned above, is a very good indicator of malicious behaviour, and investigation must be conducted in order to determine the context and intent of the anomalous behaviour. For example, the user associated with the IP address that had 1M tweets may have simply contracted a malware virus that had seized her Twitter account, or she could have
  • 2. been intentionally leaking confidential data. In most cases, the best practices is to look for a legitimate business use case, compare their activity to benchmarks, and then contact the line of business manager and corporate security to alert them of the issue, monitor their activity, and intervene if needed. Encrypt data going to key services It is prudent to add another layer of security to the most critical cloud services in your organization. The first step is to identify services that are enterprise-critical, blessed, and procured, such as Salesforce, Box, Office365, and Google. Access to those services should require that employees to use their corporate identity and then access to your enterprise's account at the service. For example, their traffic would go to acme.salesforce.com, rather than directly to salesforce.com. This means that you can then control who has access the account, and what happens to the data sent to this service. The best practice is to leverage a reverse proxy to encrypt data sent to these services with your enterprise managed encryption keys. In doing so, you guarantee that even if the provider is compromised, your data will not be. Finally, you will need to ensure that your control is enforced for on-premise to cloud accesses and for mobile to cloud access. This should be done without requiring the traffic from those devices to be back-hauled (through a VPN) into your enterprise edge first to avoid introducing user friction. Doing this will provide 2 distinct advantages. The first obvious advantage is that even if the service is compromised, your data will not be because you hold the encryption keys. The second advantage is that in this era of limited data privacy, this encryption guards against a blind government subpoena. Microsoft, Google, and Box, for example, often receive subpoenas from the government asking for information for a particular company, with a gag order prohibiting them from alerting that company. By encrypting the data that lives within the cloud, the company can ensure that it is notified of any investigation, as it will need to provide the encryption keys to government investigators. Implement Data Loss Prevention (DLP) guidelines to avoid compliance risk Any enterprise that utilizes cloud services should be careful about sending confidential data to the cloud, but if you work in a regulated industry, such as healthcare or financial services you must be extra vigilant. Within a regulated
  • 3. industry, sending confidential client information to the cloud can result in a serious compliance violation that would damage the reputation of the company and result in serious financial penalties. Specifically, healthcare companies must comply with HIPPA regulations, banks and financial institutions must comply with PCI guidelines and almost every company must comply with SOX regulations. Complying with these regulations. Any company using the cloud must have a DLP strategy in order to comply with these regulations. Proxies and firewalls cannot protect against the incidental transmission of personal information, so your cloud data security management product should be able to provide DLP functionality to help prevent sending confidential client information to the cloud. Track progress regularly Managing the risk of cloud services is not a point in time exercise. You will need to continually monitor the use of cloud services since new services hit the market daily and your employees will constantly seek the latest tools to help them do their jobs. In order to drive a successful and quantifiable risk management program you will need to determine which metrics to track and develop a methodology for gathering the data on a regular basis.