Maintain Control of Your Most Sensitive Content With a Private or On-Premises Cloud
Anyone who has ever manufactured and sold a product in a competitive market will attest to Benjamin Franklin’s truism, “the bitterness of poor quality remains long after the sweetness of low price is forgotten.” The desire to spend less and save more is essentially a survival instinct. In business, saving money could get you promoted. In cybersecurity, however, saving money could get you fired.
Third-party workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and exiting your organization. A comprehensive defense entails securing, monitoring, and managing all third-party workflows, including secure email, SFTP, and secure file sharing, among others.
In my last blog post, I examined how unifying access to enterprise content repositories provides an internal security checkpoint allowing you to protect your organization’s most valuable information. In this post, I’ll explain why the lure of low-cost cloud storage should be resisted when storing highly sensitive information.
What is Your Sensitive Data Worth?
If you knew your sensitive data was worth a billion dollars, would you spend a billion dollars to protect it? Is it even possible to quantify the value of your sensitive data? Perhaps it’s easier to estimate the cost of a data breach. Before you answer, consider all that goes into data breach remediation. Forensics, legal counsel, public relations, and regulatory fines are only some of the related costs. There is a lot of subjectivity in estimating a cost, however, a 2019 report projects an average data breach costs a company approximately 3.9 million USD. For healthcare companies, the expense is almost double: 6.5 million USD. (By contrast, another report cites the average cost of a public sector data breach is 2.3 million USD.)
At these estimates, a data breach can be catastrophic for smaller companies. While larger organizations are better equipped to navigate a multi-million dollar data breach, the longer-term damage, including class action litigation and revenue loss from consumer backlash, may prove insurmountable.
You Get What You Pay For
A low cost public cloud storage solution may look appealing, but looks can be deceiving. To put a modern, less eloquent spin on Franklin’s axiom, “you get what you pay for.” Public cloud storage solutions are typically engineered for flexibility and functionality, rather than security or privacy. In addition, small and medium sized businesses will outsource cloud storage management and maintenance responsibilities to a managed security service provider (MSSP) or cloud access security broker (CASB). When these third-party service providers forget to enable basic security capabilities, they expose the contents to anyone with an internet connection. Unfortunately, these mis-configuration data breaches have exposed the PII and PHI of millions of people in several high profile breaches.
Hackers aren’t the only parties trying to access sensitive information stored on public cloud servers. The U.S. Federal Cloud Act of 2018 allows U.S. law enforcement agencies to subpoena technology companies for access to data stored on their servers, regardless of whether the data is stored in the U.S. or on foreign soil. In plain English, if your sensitive data is stored on a public cloud, it can be collected in bulk without your knowledge or approval.
Take Complete Control of Your Sensitive Data
Thankfully, businesses have several deployment options for securing their sensitive data and each one is significantly more secure than a public cloud option. With a private cloud, FedRAMP virtual private cloud, or on-premises deployment, businesses protect sensitive data like customer records, financial statements and intellectual property from unauthorized access. Critical security features and capabilities such as data encryption and encryption key ownership ensure only authorized users have access to your prized digital assets.
Managing your own system doesn’t have to be difficult or costly either. Most organizations have sufficient IT expertise to manage a private or on-premise cloud on their own and reach efficient economies of scale in a timely manner.
Now that you know the risks associated with storing your sensitive information in a public cloud, it’s time to explore the nuts and bolts of securing that data. Next time, I’ll discuss the importance of encrypting your sensitive content in transit and at rest.
To learn more about how to build a holistic defense of the third-party workflow threat surface, schedule a custom demo of Kiteworks today.
Additional Resources
- GlossaryRisk Security Management
- Blog PostUnderstanding Data Security And GDPR
- GlossaryThird-Party Risk Management
- Blog PostGuide to Information Security Governance And Security
- GlossaryCybersecurity Risk Management