Use of the cloud for the storing and access of data has fast become mandatory, particularly for companies experiencing growth. SMEs across the globe find themselves facing the same challenges; how do we secure our data, and how can we avoid our company from becoming the next infamous news headline?

It’s easy to see why data classification and protection in the cloud is such a priority. The cyber security industry is awash with stories about the alarming rise in cyber crime, and mainstream media is unabashed in its displaying of the latest incidents, many of which are caused by simple internal threat via negligent employee behaviour.

Just recently, approximately two hundred million US citizens were found to have their personal data available on a publicly accessible cloud server that didn’t even have a password.

With this established, what can be done by the average business to implement proper cloud data protection in this demanding digital age? Do the benefits outweigh the risks?

Three-Stage Approach

Discover, classify, govern. These are the three distinct phases in proper cloud data protection.

By segmenting the task of achieving proper data security into these areas, any business can expect to finish its work with a comprehensive list of all available data and a clear process for its classification and management.

First, of course, is the discovery phase. This is largely an audit process, with the business asking itself what data it owns and where it is created. Once this is established, further steps include confirming throughout the full data list the date of item creation and who it was created by. Lastly, the discovery phase should finalise this new list of details with confirmation of who can access each item of data.

This naturally leads into the realm of data classification. An effective data classification solution exists for this process, with modern technology making the process simpler for small and large businesses both. To effectively classify data, a tiered list of sensitivity is established and then applied to the data your organisation holds. Sensitive data is labelled as such and then kept secure by the data classification system in place.

The security level and category of all items of data are confirmed at this stage, allowing for the classification of items stored in the cloud.

Lastly, governance is begun; the ongoing task of ensuring compliance with processes and requirements for keeping data secure.

Confirmation on how to monitor your data is important at this stage, as well as agreement on policy and steps taken should further incidents occur. Business continuity forms a large part of this stage, with the handling of violations a critical aspect to formalise.

The Consequence of Non-compliance

As the US has experienced recently with its voter information leak, the consequence for poor data classification and data protection are severe. In a fast-moving, socially connected world, businesses can suffer tremendous damage to brand and value through a single incident.

Although 2016 showed us that companies are working more collaboratively and securely in the cloud, there is still much to be done and standards to be raised collectively. Cyber-attacks have become an industry, with companies that offer powerful data protection software rising in turn to meet security requirements.

Attacks which include those on cloud-based data were estimated in 2016 alone to have cost UK business over thirty-four billion Pounds. This staggering figure is a clear indication of the consequence should inadequate data protection be implemented. Combined with damage to reputation and brand, the writing is very much on the wall where compliance is concerned.

The capability of data classification, identity access management and user behaviour analytics software to safeguard a company’s digital assets (cloud-based or otherwise) is significant indeed, offering a scalable response to the problem.

With the cloud having long since become mandatory for many businesses to remain competitive, investment in cloud data security is advised sooner rather than later to avoid severe damages.

HANDD are independent specialists in global data security, and work with some of the leading vendors in the security market. Established 10 years ago, our goal is to provide customers with industry leading solutions that analyse and protect data through every aspect of its journey.