Principles For Data Protection In The Cloud In 2016

Source: http://cloudtweaks.com/2015/12/data-protection-the-cloud/ :

I agree to “Ensure policy management extends to access management.” A new study, related to security for the mix of environments, by the SANS Institute reported that “fewer than a third of organizations have a strategy in place to tailor security requirements to the mix of environments they use,” and “fewer than a third of organizations have a strategy in place to tailor security requirements to the mix of environments they use.” The study reported that “75 percent of organizations utilize identity and access management tools on premises, only 31 percent use it in the cloud,” and “63 percent of organizations use a SIEM to track security events across traditional data center assets, just 25 percent do the same with cloud assets.”

I agree to "Enable data owners to specify what actions users can take– read, write, copy, modify." A recent report from Gartner analyzed solutions for Data Protection and Data Access Governance and the title of the report is “Market Guide for Data-Centric Audit and Protection.” The report concluded that “Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act.”

I agree to "Set encryption settings – key strength and key management parameters based on data sensitivity." Attackers may steal your keys or data and a recent guidance from Gartner is recommending to “understand when data appears in clear text, where keys are made available and stored, and who has access to the keys,” and recommending to “apply encryption or tokenization.”

An interesting cloud security option for many companies can be found in a recent Gartner report that concluded that “Cloud Data Protection Gateways” provides a “High Benefit Rating” and “offer a way to secure sensitive enterprise data and files.”

Ulf Mattsson, CTO Protegrity