Data Security In Cloud Computing

Data security is a major concern for most organizations when they consider cloud computing. When organizations store their data in the cloud, the data can be located within their country or anywhere across the globe. Since the data is not physically located in an organization’s data center, data security has become a new focus when organizations think about moving to the cloud. This covers both the hardware and software components of the cloud architecture.

While some European countries are bound by GDPR rules (data privacy laws for protecting European nationals’ sensitive data) where they have to have their VPNs located in their own country, an organization otherwise has the freedom to store its data in any of the locations listed by the cloud provider. In either case, the data still lies outside the organization’s premises.

Confidentiality, Integrity, and Availability are the three main pillars of Data Security.

Confidentiality

Every organization wants its sensitive data to be protected and secured from unauthorized access. Access to data should be given only to the intended people, and anyone who is not authorized should be denied when they try to access it.

An organization can enforce access controls and authentication methods for users in the organization and deny any access that comes from outside it. An organization can also store sensitive data in a different VPN from data that is accessed regularly by other users. This data can also be encrypted to keep it more secure, as the data would be unreadable to anyone who doesn’t have the key.

Integrity

Data integrity means keeping data from being modified. An organization wants its data to be protected from accidental deletion, modification without version history, malicious alteration, etc.

Data integrity can be achieved by using a standalone system to store data. A database can be stored in a separate VPN, and access controls can be put in place to achieve integrity. This ensures data remains protected from alterations. Cloud providers also offer version history, so that previous changes are recorded as a backup. The delete option can also be disabled for every user and enabled only for the admin.

Availability 

Data availability ensures that the organization can always access its data. This means data should be available whenever anyone wants to access it, with minimal downtime. For example, during a natural disaster, an organization may face downtime due to a power outage or the collapse of a data center in an earthquake, and it would take a while for the data center to be up and running again. In this case, an organization can store the data in a different cloud region as a backup. Most cloud providers keep a separate backup of their data centers in a particular region, located in a different geographical region, to ensure the backup version is available in minutes when such an incident occurs.

Cloud Governance and Compliance is another pillar of Data Security, which strengthens security across your organization’s environment. An organization must have the right governance and policy in place. It can mitigate the risks and vulnerabilities present by applying policies that meet its compliance needs.

An organization can follow governance in the following ways:

  1. Assess the entire infrastructure of the organization and make a list of all risks, vulnerabilities, data classification, etc.
  2. Based on the assessment above, build a compliance and policy document to establish boundaries for the organization.
  3. Set processes in motion and then monitor all logs to ensure the policy statements are not breached or violated by anyone.
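
Step 3 above, as an added example that is not part of the original article: a small Python check that replays audit-log events against a policy document and reports breaches of the confidentiality, integrity and data-location rules discussed earlier. The policy fields, the JSON log format, the user names and the region names are all constructed assumptions; no cloud provider's real log schema is used.

```python
import json

# Hypothetical policy from step 2; every field name and value is an assumption.
POLICY = {
    "sensitive_users": {"alice", "root-admin"},    # confidentiality
    "delete_roles": {"admin"},                     # integrity: only admins delete
    "allowed_regions": {"eu-west", "eu-central"},  # where data may be stored
}

# Constructed audit log, one JSON event per line (line 7 is deliberately cut off).
SAMPLE_LOG = """\
{"user":"alice","role":"analyst","action":"read","resource":"hr/payroll","classification":"sensitive","region":"eu-west","result":"allowed"}
{"user":"bob","role":"contractor","action":"read","resource":"hr/payroll","classification":"sensitive","region":"eu-west","result":"allowed"}
{"user":"bob","role":"contractor","action":"delete","resource":"docs/readme","classification":"public","region":"eu-west","result":"denied"}
{"user":"carol","role":"analyst","action":"delete","resource":"reports/q1","classification":"internal","region":"eu-west","result":"allowed"}
{"user":"root-admin","role":"admin","action":"delete","resource":"reports/old","classification":"internal","region":"eu-west","result":"allowed"}
{"user":"alice","role":"analyst","action":"write","resource":"hr/payroll","classification":"sensitive","region":"us-east","result":"allowed"}
{"user":"dave","role":"analyst","action":
"""

def find_violations(log_text, policy=POLICY):
    """Return (line_no, rule, user) for every event that breaches the policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            if not isinstance(ev, dict):
                raise ValueError("event is not a JSON object")
        except ValueError:
            # A gap in the audit trail is itself a finding: it cannot be verified.
            findings.append((n, "unparseable", None))
            continue
        if ev.get("result") != "allowed":
            continue  # a denied request means the access control worked
        user = ev.get("user")
        if ev.get("classification") == "sensitive" and user not in policy["sensitive_users"]:
            findings.append((n, "confidentiality", user))
        if ev.get("action") == "delete" and ev.get("role") not in policy["delete_roles"]:
            findings.append((n, "integrity", user))
        if ev.get("region") not in policy["allowed_regions"]:
            findings.append((n, "residency", user))
    return findings

if __name__ == "__main__":
    for line_no, rule, user in find_violations(SAMPLE_LOG):
        print(f"line {line_no}: {rule} violation (user={user})")
```
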

The following are five disciplines of Cloud governance from Microsoft:

  1. Cost – Cost management is a crucial factor for cloud customers. Cloud providers offer a pay-as-you-go model where an organization saves a lot on unwanted infrastructure costs.
  2. Security – Security requirements can be established by an organization, and cloud governance and policies can apply these requirements to data, network, users, etc.
  3. Identity – Identity and Access Management can be used to reduce the risks pertaining to breach of data. Multi-factor authentication can be implemented by an organization for its users to ensure that the person accessing the data is who they say they are.
  4. Resource – An organization can allocate resources to users, or a group of users, and set permissions on these resources. This ensures that the data is categorized into chunks and a single chunk can be allocated to only the set of users that are assigned to it.
  5. Deployment – Centralization, standardization, and consistency should be maintained with regard to deployment and configuration.