How to Protect Your Cloud Data Platform
Teresa Wingfield
February 2, 2023
The Cost of a Data Breach Report 2022, conducted by Ponemon Institute, found that data security breaches now cost companies $4.34 million per incident on average – the highest cost in the 18-year history of the report. Forty-five percent of all breaches were cloud-based. This percentage is likely to increase, given that 43% of organizations had not started, or were in the early stages of applying practices to secure their cloud environments.
Cloud data platforms are attractive targets for threat actors, given that they can be a treasure trove of customer, sales, and financial data. Protecting this data must be a priority and involves multiple approaches. Although necessary and important, think of data security as table stakes for data platform protection. Data governance, compliance, and security automation features also play significant roles in data platform protection, as I will explain.
Data Security
Strong data security is the foundation for protecting cloud data platforms. It includes safeguards and countermeasures to prevent, detect, counteract, or minimize security risks. Here’s a previous blog that covers many of the data security controls you’ll need to keep your data platform safe, including user authentication, discretionary access control, role separation, and encryption (at rest and in motion). Here’s another blog on protecting cloud services with isolation, a single-tenant architecture, a key management service, federated identity/single sign-on (SSO), and end-to-end data encryption.
Data Governance
Data governance determines the appropriate storage, use, handling, and availability of data. Your cloud data platform will need to provide fine-grained techniques to prevent inappropriate access to personally identifiable information (PII), sensitive personal information, and commercially sensitive data, while still allowing visibility to pertinent data attributes. For example, data masking is a technique frequently used to hide information. Because sensitive data de-identification is a mandatory requirement for achieving PCI DSS, GDPR, and HIPAA compliance, the ability to mask or redact sensitive fields is necessary for cloud data platform security in industries governed by these regulations.
In addition, a role-based security model provides a way for administrators to control user and group access. According to the role the user or group is expected to perform within the organization, role-based security policies will help you reduce the time and effort to comply with data and privacy regulations, without compromising the usefulness of data to intended consumers.
Compliance
Regulatory compliance can be broadly defined as the adherence to laws, regulations, and guidelines created by government legislations and regulatory bodies applicable to an organization, based on the industry and jurisdiction in which it operates.
Audit logs form a critical part of data protection and compliance because they record all or specified classes of security events for the entire cloud data platform installation. Selected classes of events, such as use of database procedures or access to tables, can be recorded in the security audit log file for later analysis. Security alarms enable you to specify events to be recorded in the security audit log for individual tables and databases. Using security alarms, you can place triggers on important databases and tables. If any user attempts to perform an access operation that is not normally expected, the security alarm will raise an alert.
Automation
Security automation is the automation of security tasks, so they require less human assistance. This provides numerous benefits to an organization by enabling security teams to scale to handle growing data, workloads, and security threats. Automation is useful to find threats faster and ensure preventative measures are implemented in a timely manner. Patches are a perfect candidate for automation in a cloud data platform. If these aren’t deployed when they become available, cyber attackers will have a window of opportunity to exploit a vulnerability.
Check Out the Actian Data Platform
If you’re evaluating cloud data platforms, be sure to include the Actian Data Platform. It offers comprehensive data security, data governance, compliance features and security automation for on-premises and cloud deployments.
Subscribe to the Actian Blog
Subscribe to Actian’s blog to get data insights delivered right to you.
- Stay in the know – Get the latest in data analytics pushed directly to your inbox
- Never miss a post – You’ll receive automatic email updates to let you know when new posts are live
- It’s all up to you – Change your delivery preferences to suit your needs