Everyone is talking about data security and its importance, but what does that practically look like? Let’s take a look…

 

Our newly released Cloud Security Report showed a startling trend in the data. Data breaches have now surpassed misconfigurations as the chief cause of concern in terms of cloud security incidents, and it’s no wonder.

Last year it was reported that almost half of companies have at least one database or storage asset exposed to the public internet. While this isn’t necessarily a bad thing, when you add in the prevalence of misconfigurations, vulnerabilities, and the like, the potential for a breach begins to grow rapidly.

So, I think it’s fair to say that data security should be a top concern for everyone, but what does a good data security posture management (DSPM) strategy look like?

Allow me to walk you through it.

1. Discovery and visibility

I feel like I’m constantly saying the same things. No matter what content I am creating, if it has to do with cloud security, the leading principle is visibility. “You cannot protect what you cannot see.” This holds true for data security as well. So, how does this happen? The TLDR is that data security services provide pre-configured criteria that, when met, mark data as ‘sensitive’. Most services like this also allow you to create custom criteria, and in some cases you can combine the two. These criteria, when combined with machine learning and metadata clustering, allow us to accurately identify any sensitive data in our storage environments.

Pre-configured data criteria in Amazon Macie

2. Classification

I won’t stay on this point for too long. Technically, this step occurs just after data is identified (although to most users it will feel like it occurs simultaneously). The data is then classified based on the triggering criteria. For example, a string of numbers is identified as sensitive because it meets the criteria for a social security number, and it is then classified as PII. The best way to see this in action is to test it. You can spin up an S3 bucket, fill it with ‘dummy data’, and watch your DSPM job detect and label it based on the criteria that you specified.

How CloudGuard visualizes data classification in sensitive assets

3. Context and monitoring

Once our data has been discovered and classified, we need to gain more contextual information about it. “Where does this live by default?” “Where has it been copied or moved to?” “Who is accessing my data?” These are just a few examples of the information that a good data security solution will start to gather. This helps the LLMs to establish patterns or baselines so that the data can be monitored effectively. Continuous monitoring is required for certain data protection regulations, so special attention should be paid to your monitoring and logging capabilities.

4. Contextual risk assessment

Not all data is equally sensitive. For example, my personal email address being leaked is nowhere near as concerning as my social security number. Having tools in place that can rank data based on its sensitivity is a must here. To take it a step further, a security platform like CloudGuard CNAPP can alert you to your riskiest assets based on several different factors, to ensure that your attention is on the security risks that can really hurt you. This leads me into the final step of a good DSPM strategy.

CloudGuard’s Risk Management dashboard alerts you to sensitive data risks
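
To make steps 1, 2 and 4 concrete, here is a simplified sketch of criteria-based discovery, classification and sensitivity ranking. It is an added example, not how Amazon Macie or CloudGuard implement these steps; the criteria names, the `EMP-` custom pattern and the sensitivity weights are assumptions, and the dummy data is constructed.

```python
import re
from collections import Counter

def luhn_ok(digits):
    """Luhn checksum: discards digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def ssn_ok(m):
    """Reject values the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    area, group, serial = m.groups()
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

# name -> (pattern, validator, category, sensitivity weight). Weights are assumed values.
CRITERIA = {
    "US_SSN": (re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"), ssn_ok, "PII", 10),
    "CREDIT_CARD": (re.compile(r"\b(?:\d[ -]?){15}\d\b"),
                    lambda m: luhn_ok(re.sub(r"\D", "", m.group())), "Financial", 8),
    "EMAIL": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), lambda m: True, "PII", 2),
    "EMPLOYEE_ID": (re.compile(r"\bEMP-\d{6}\b"), lambda m: True, "Internal", 4),  # custom, hypothetical
}

def classify(text):
    """Count validated hits per criterion; a pattern match alone is not a finding."""
    hits = Counter()
    for name, (pattern, valid, _category, _weight) in CRITERIA.items():
        hits[name] = sum(1 for m in pattern.finditer(text) if valid(m))
    return +hits  # unary plus drops criteria with zero hits

def rank(objects):
    """Label each object and sort by its most sensitive finding, highest first."""
    report = []
    for key, text in objects.items():
        hits = classify(text)
        score = max((CRITERIA[n][3] for n in hits), default=0)
        report.append((key, score, sorted({CRITERIA[n][2] for n in hits}), dict(hits)))
    return sorted(report, key=lambda r: (-r[1], r[0]))

# Constructed dummy objects standing in for files in a test bucket.
DUMMY_BUCKET = {
    "hr/payroll.csv": "name,ssn\nJane Roe,123-45-6789\nJohn Doe,234-56-7890\n",
    "billing/cards.txt": "4111 1111 1111 1111 ok; 1234 5678 9012 3456 fails Luhn",
    "marketing/list.csv": "jane@example.com\njohn@example.org\n",
    "logs/app.log": "ref 000-12-3456 and 666-11-2222 shipped, EMP-004217 approved",
}
print(*rank(DUMMY_BUCKET), sep="\n")
```

The log file contains two strings shaped like social security numbers, but both fail validation, so it is ranked only on the custom employee ID hit.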

5. Remediation and Response

DSPM is largely preventative in nature, but that doesn’t mean that you shouldn’t be prepared in case of an incident. A good strategy will identify and analyze the risks to your data, and help you triage which assets need priority remediation and which ones can wait. With this knowledge, your DevOps and SecOps teams are able to collaborate better to ensure that high-risk assets are remediated quickly and that productivity is not negatively impacted.

Great! What now?

The good news is that even though data security is technically complicated, it’s easy to get the protection you need. Check Point has partnered with industry leaders in the data security space, including Amazon Macie and Microsoft Purview, and we have a newly announced partnership with Sentra. This means that CloudGuard customers have the best cloud security, and now they have the best data security as well.

If you’d like more information about our partnership with Sentra, you can read the press release.
