Boldon James - HelpSystems Company Logo

Classification in the Cloud

Reading Time: 5 minutes

Cloud-based work environments are both convenient and cost-effective, especially in today’s remote world, but can present a challenge when it comes to meeting both regulatory compliance requirements and ensuring the protection of sensitive data. In order to maintain the protection of sensitive data when moving to and from the cloud, a consistent data-centric protection approach is critical. Let’s start by looking at the significance the cloud-based environment holds for organisations in today’s world.

The Rise and Benefits of Cloud-Based Work Environments

The rise of remote work and the change of structure in the work environment due to the pandemic has an increasing number of organisations and clients relying on cloud-based solutions for collaboration. Having a cloud-based work environment provides many benefits, with some of the prominent ones being convenience and cost. A cloud-based work environment allows organisations to connect and work with anyone, anywhere, with minimal effort. This is especially key in today’s post-pandemic remote world with many organisations expanding globally.

Another reason we’re seeing more organisations move to cloud-based environments is due to much lower costs. With a cloud-based environment, organisations only need to pay for the resources that they use and have none of the upkeep costs that would be associated with on-premises solutions such as hardware, power consumption, and space. These benefits are some of the biggest drivers of the rise in the number of organisations using cloud-based environments for storage, content sharing, and work-related tasks.

Cloud-Based Data Breaches are a Growing Concern

However, with the rise of the usage of cloud-based environments also comes the rise of cloud-based data breaches. The more data in the cloud, the more chances there are for that data to be exposed, be it accidental or intentional. HelpSystems’ recent CISO Perspectives: Data Security Survey 2022 states that since 2020, global organisations have created more data than ever and that it is spread across a larger potential attack surface. The survey reported that 52% of CISOs said that cyber threats have become fiercer in that time period. Echoing those results, the IBM report Cost of a Data Breach: A View from the Cloud states that in 2020, the number of records exposed in cloud-based data breaches grew, as well as the severity of the breaches, despite an overall decline in the number of breach incidents, and reported seeing these numbers rise again in 2021. In addition to the number of breached records rising, the IBM report also showed that the cost of a data breach for organisations that had higher levels of cloud migration was much higher at $5.12 million, as opposed to $3.46 million for organisations with lower levels of cloud migration.

The rise in both breached records and data breach costs in a cloud-based environment have organisations concerned about the security of their sensitive data. In the HelpSystems CISO Perspectives: Data Security Survey 2022, when asked about breach impact and which implications they fear most, 64% of respondents cited sensitive customer data exposure/breach. In order to mitigate data breaches, data security needs to be at the top of every organisation’s security strategy to ensure appropriate protection controls are applied to sensitive data wherever it travels.

The Challenge of a Cloud-Based Environment

Data security is one of the biggest challenges in a cloud-based environment, especially among organisations that have very sensitive information such those in the government, banking, and healthcare industries. While organisations are concerned about the impact of a breach of their sensitive data, many of them do not actually know what sensitive data they have. Another finding from the HelpSystems CISO Perspectives: Data Security Survey 2022, was that 63% of respondents said the biggest challenge for their organisation was data visibility, knowing what they have, where it lives, and who has access to it. Furthermore, 36% of respondents said that the biggest challenge facing their organisation today when considering data security was transitioning to the cloud.

These two issues are intrinsically linked, as not knowing what data you have, where it lives, and who has access to it, naturally makes you concerned about moving unknown data into a cloud-based environment where there may be less control and security. But what if your organisation already has a data classification solution and all the data you hold is classified?

Even if you have a data classification solution in your regular work environment, if you’re using a non-specialist provider, you may only be getting basic functionality and not the support and protection your organisation truly requires. Data classification within an organisation needs to go beyond the borders of the basics and be able to classify all file types, while also understanding the classification values within alternative file stores in the business, such as the cloud. A basic classification solution often will not carry the visual labels and metadata applied to data over to a cloud-based environment, thus not giving a clear picture of what data you have in the cloud or what happens to your data while in the cloud.

Traditional security tools struggle to effectively monitor data moving to and from the cloud and between cloud platforms, which can lead to a failure to identify fraudulent use of data in the cloud, unauthorised downloads, and malware in the cloud. This is where adding cloud-based data classification from a specialist provider becomes essential to protecting your data.

How Specialised Cloud-Based Data Classification, DLP, and DRM Can Help

If you know what data you have, where it is, who has been accessing it, and what needs to be protected while in the cloud, that will eliminate many of the concerns about moving data to a cloud-based environment. Implementing a specialised cloud-based data classification solution extends data classification from your initial environment into your cloud-based environment, providing data visibility and security. When data is uploaded or migrated to the cloud, it will retain any classification given in the initial environment through metadata, as well as automatically align with your information security policies set for that initial environment. This in turn, allows your downstream security solutions, such as DLP, to continue to protect data in the cloud.

Having classified data in the cloud allows your DLP solution to determine who has access to what data in the cloud, based on their permissions, just as they would in your initial environment. If someone tries to access a document that they do not have permission to access or tries to downgrade the classification level of a document in the cloud, a DLP solution will deny access and the cloud-based data classification solution will log that as activity within the cloud. These reporting capabilities of data classification are especially important in the cloud as you can see what is getting uploaded and downloaded to and from the cloud and who has accessed what data. This allows you to catch any unauthorised access or data breaches early on, drastically mitigating damage.

Implementing a cloud-based data classification solution is a critical step toward protecting sensitive data in the cloud. However, in a cloud-based environment, data and files naturally move back and forth across organisational boundaries and all too often, the events that lead to data breaches can occur outside the organisation entirely. This is where having a DRM solution in addition to a cloud-based data classification solution is key to protecting sensitive data in motion.

A DRM solution wraps the data in an encryption code, so it is protected wherever it goes and only the intended recipient will be allowed access through an encryption key they request. Having data classified in cloud lets you know which documents contain sensitive material and need to be encrypted by your DRM solution. While you may take the utmost care with data under your control, it is almost impossible to fully control the ways that everyone else in your ecosystem behaves. This is why having data centric solutions, such as cloud-based data classification and DRM, are so essential as they focus on protecting the data itself.

Protecting Sensitive Data in the Cloud

With the world quickly moving toward the convenient, cost effective, and collaborative cloud-based environment, a vast number of organisations are deploying cloud-based data security solutions to ensure their data stays protected. When organisations were asked what method they would use to deploy new data security software for 2023 in the HelpSystems CISO Perspectives: Data Security Survey 2022, 20% said via the cloud, and 68% said both in the cloud and on-premises. That is 88% of organisations deploying cloud-based data security software within the year! What steps will your organisation be taking this year to ensure the security of sensitive data in the cloud?