Most 2021 Data Breaches Were Cloud-based: Learn to Protect Yourself

Last month, Security magazine posted an excellent roundup of the Top Ten Data Breaches of 2021. These breaches impacted over 50 million individuals, were globally dispersed, and struck various industries spanning financial services, manufacturing and utilities, healthcare, government, and others.
While a couple of them were new leaks or aggregations of previously breached data, the vast majority were fresh breaches, and almost all of them contained PII and other sensitive data.
More importantly, 7 out of the 10 breaches were confirmed to be from data stored in publicly accessible cloud repositories, highlighting the importance of proper data access control for cloud data.
The clear takeaway here is that in the surge to move data to the cloud, typically in support of mobility and digital transformation initiatives, organizations are not taking sufficient steps to safeguard the data that they move there. Many of the breaches were of data stored in third-party services like MongoDB and Elasticsearch that do offer adequate protection, but require customers to make use of those controls.
Here are three steps you should be taking to implement data centric security and keep yourself and your organization out of the news this year:
- Take a Data Inventory - For any cloud-based data, make sure that you have your arms around what sensitive data is available, who has access to it, and how it’s protected. This sounds basic and obvious, and yet the examples above highlight the fact that many organizations are not taking this elementary and crucial step.
- Identify Dark Data - This is the data that’s out there but isn’t being used or accessed. Typically placed in the cloud in anticipation of an upcoming project, it gets forgotten and, over time, left unguarded. At best, it’s money you’re burning needlessly and can recoup. At worst, it’s adding an unnecessary threat surface to your organization.
- Implement a Data Access Recertification Process - While the first two steps will identify any existing exposures you need to shore up, this final step will ensure that you remain protected going forward. For any data access, institute a recertification process that ensures that needless data access privileges are periodically pruned to enforce the principle of least privilege.
Moving your organizational data to the cloud is necessary to drive digital transformation. It is important to apply best practices in how that data is migrated and protected once it’s there. This is what we do and how we help our clients. Please contact us if we can be of service to you.
Operationalize the Feedback Loop with TrustLogix
The TrustLogix AI-Native Data Security Platform puts this feedback-loop model into action by integrating data activity monitoring directly with adaptive access control. TrustLogix ships with more than 40 out-of-the-box monitoring policies aligned with CIS, NIST, and SOC 2 benchmarks, giving organizations actionable visibility in two hours or less. It also provides a policy builder for custom monitoring rules tailored to specific business requirements.
TrustLogix supports policy-based, attribute-based, and relationship-based access controls, allowing policies to consider user identity attributes, sensitivity classifications, geography, purpose of use, and real-time risk scores. By combining these fine-grained access controls with continuous monitoring, organizations can implement adaptive policies that respond instantly to risk signals and maintain secure, continuous data access across the environment.



