Cloud storage services have evolved significantly in terms of their ability to provide data security, as well as their ability to comply with data privacy regulations such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This being established, IT professionals must remain discerning to ensure that their cloud provider offers the levels of protection that their organization specifically requires.
One fundamental capability is encryption. Encryption has become foundational to security due to the increasing proliferation and sophistication of malware such as ransomware, and due to the fact that data is being accessed and stored across a very broad range of devices and IT infrastructures. When it comes to the cloud, service providers are bolstering their encryption capabilities, but oftentimes enterprises may desire or require additional checkpoints and control. Enterprise key controllers can be useful in bringing that power back to the client organization, because they enable the organization to manage their own encryption keys within the boundaries of their own firewall. Some encryption key managers are highly flexible and granular, for instance offering the ability to create keys for specific, individual blocks of data.
It is also salient to note that not all data centers are created equal when it comes to building a secure data center infrastructure. Cloud providers use various types of encryption, and they employ various policies and procedures for data protection. Meanwhile, not all will comply with standards such as the Federal Information Processing Standards (FIPS) that regulate activities such as document processing for certain industries, such as the public sector. The geographic location of the cloud provider’s data centers is also important. Especially in the era of data sovereignty, enterprises require flexibility in terms of where their data is being outsourced to.
Policy-driven retention is also becoming an important capability as data protection increasingly expands to cover compliance. Enterprises need to know that they are retaining the data they need to retain for however long they need to retain it. But it is also important, from a budgetary perspective, that they delete older data whenever possible.
At the crux of any modern data protection strategy is the endpoint, because of how heavily employees leverage mobile devices such as laptops and smartphones to do their jobs on a daily basis. There is also the concern of how at-risk endpoints are to theft, loss and malicious attacks. Storage Switzerland’s joint webinar with Carbonite, “Is It Time to Upgrade Your Endpoint Data Strategy?”, has more detail on how to leverage the cloud to protect your endpoints.