BlueXP Blog

Data Privacy Protection Challenges in Cloud-based Storage

Written by Amit Ashbel, Senior Marketing and Strategy Manager | Mar 1, 2020 1:59:32 PM

Cloud-based storage and file-sharing services: they're some of the most common examples of cloud technology. They're highly affordable, easy to use and widely accessible. They allow us to access our work at home, in the office or wherever we have an internet connection. And we can collaborate with our colleagues whatever our location.

But, as well as boosting productivity, cloud-based storage and file-sharing services present significant data privacy challenges to the modern enterprise. When left unchecked, these services can become a form of shadow IT, where unplanned, unstructured data is dispersed across a wide variety of storage services—often without the knowledge of data security teams.

So how do you protect what you cannot see? This post explores the problem of storing sensitive data on these cloud-based services and looks at the type of technology that can provide a solution.

Why Is Privacy Such an Issue?

Much of the data that organizations host in cloud-based storage services is in the form of text-based documents that reside outside the confines of traditional enterprise applications and database management systems.

What's more, many of the widely used file-sharing platforms are consumer-grade services, which aren't designed with enterprise cloud data protection in mind.

As a result, companies have no easy way of keeping track of that data in order to meet their compliance and security objectives. Moreover, until recently, data privacy regulations didn't adequately address the protection of data privacy with these types of services. So companies tended to focus more on the data that came under IT's control.

But now the data protection landscape has changed. The guidelines under new legislation, such as GDPR and CCPA, are far more explicit. And businesses need to closely track and protect data they previously treated with relative indifference.

What Data Is at Risk?

Sensitive data we store on a whole host of cloud-based productivity tools, such as Office 365, Google Drive and Evernote, could be at risk. According to research conducted by security software giant McAfee, Microsoft Excel documents are of particular concern, accounting for around 31% of all documents containing sensitive data in the cloud.

Specific types of sensitive data include:

  • Personally identifiable information (PII) such as names, home addresses, telephone numbers, social security numbers, and passport numbers.
  • Protected health information (PHI) such as patient diagnoses and medical treatments.
  • Financial and payment data such as credit and debit card numbers, bank statements, mortgage documentation, spreadsheets, trading algorithms, and business plans.
  • Confidential data such as classified documents, patents, intellectual property, marketing intelligence, source code, contracts, NDAs, building plans, student examination material, unpublished research, presentations, scanned documents, and archives.

How to Protect Your Data: The Challenges

In order to meet the stricter requirements of new data protection regulations, you'll need to address the following challenges presented by cloud-based productivity tools.

Data Sharing

First, you’ll need safeguards in place to prevent incorrect sharing settings, which could result in sensitive data ending up in the wrong hands. But permissions aren’t the only problem.

Simply sharing your data, whether internally within your organization or externally with outside collaborators, increases the number of potential entry points for hackers. For an enterprise, which inherently has a large number of users, this significantly increases the attack surface and thereby the risks to compliance and security.

Visibility and Control

A number of cloud-based file-sharing systems afford some level of data stewardship by giving organizations full central administrative control of users and their data. This is ideal if your business only uses one or two such applications, but in an enterprise environment, your workforce could be using dozens or even hundreds of different productivity tools.

So you'll need a way to oversee everything from a single point of control. This will avoid costly and labor-intensive hands-on management, which can lead to mistakes and gaps in your compliance and security.

Right-to-Access Requests

You're likely to encounter significant difficulties fulfilling right-to-access and right-to-be-forgotten requests without a complete picture of the data you store about your customers.

So you'll need a method of identifying all the information you hold about a data subject regardless of how it's stored—whether in a clearly structured format on in-house systems or in an unspecified form hosted in the cloud.

BYOD

BYOD (bring your own device) and cloud-based storage are natural bedfellows. However, providing access to company data from any device, anywhere also comes with a downside.

When a device leaves your premises it's far more difficult to manage and control. So it's harder to prevent a user from connecting to the cloud over an insecure wi-fi connection or shopping online at a compromised website. What's more, portable devices are far likelier to be lost or stolen, increasing the risk of data exposure.

Education

Cloud storage services are often a target for hackers. This isn't because of the security of the services themselves, which generally encrypt your data both in transit and at rest, but because of the weak security measures of the users themselves. Therefore, privacy awareness is just as important when using cloud-based storage services as it is with traditional enterprise applications.

For example, employees should under no circumstances share access credentials with anyone. You also should promote or enforce the use of strong passwords and password management software to help keep hackers out.

In addition, you should remind users about the dangers of phishing, spyware, and malware attacks—through which hackers can access employee login credentials and steal sensitive data.

AI Is Key

Data is essential to modern enterprises, helping them to make more informed business decisions and better serve their customers. However, companies are using an ever-increasing number of collaborative storage services and data collection points. And this is growing out of control.

At the same time, many of them still use outdated data protection tools that rely on manual rules. These simply aren't cut out to support the sheer volume and different types of data stored in cloud-based storage and file-sharing services. Full visibility and control over this data calls for a different approach, using new technologies such as artificial intelligence (AI) and machine learning (ML).

These solutions have the capability to analyze and categorize your dark data. They can learn to recognize sensitive information within that data, regardless of where it resides. And they can help you implement governance policies so you remain compliant and your data stays secure—all through a central point of control. NetApp Cloud Volumes ONTAP, Azure NetApp Files, and Amazon S3 users can now benefit from this type of compliance control through the use of the new NetApp Cloud Compliance.

Cloud Compliance makes it possible for your data in the cloud to be discovered, organized, and reported on automatically through the use of an intelligent, context-aware AI. Your workforce no longer needs IT expertise to be able to leverage technology and improve its productivity. But that shouldn't be an excuse to absolve you of your compliance responsibilities.

Convenience and efficiency shouldn't come at the cost of cloud data privacy and security. So make sure you exploit the new breed of intelligent data protection solutions that are available on the market today.