Securing data during the cloud migration comes down to controlling access, which can be achieved via process improvements and modern data access tools.
According to Gartner, 75% of all databases will have been deployed or migrated to a cloud platform by this year, with only five percent ever considered for a return to on-premises infrastructure.
Moving data to the cloud allows companies to access, store, and query expansive datasets quickly and cost-effectively. Data scientists see this as an opportunity to combine internal PII and financial data with external third-party datasets in the cloud to build new models for customer behavior. These insights will help build more effective marketing campaigns, identify areas of improvement for customer services, and streamline operations.
But this shift to the cloud poses two vital questions: Is this personal and sensitive data secure once it’s on the cloud? And can it be kept safe during the migration process?
Analytics leaders must figure out how to navigate and answer these questions with confidence and to the satisfaction of information security, privacy, and compliance teams. With the help of process improvements and modern data access tools, sensitive data can be managed securely during the migration process and once stored on the cloud.
The Highs of Migrating Your Data to The Cloud
Large enterprises mainly turn to the cloud for flexibility and reduced operations costs, while smaller, high-growth companies want scalability and faster insights. Whether moving your data to a public, private, hybrid, or multi-cloud environment, key benefits include:
Speed and flexibility: Seventy-one percent (71%) of companies turn to the cloud for speed improvements and 63% for greater flexibility. Teams can get data queries returned faster with less latency.
Scalability: When companies go through an enormous period of growth, they need a solution that will scale accordingly and provide enough storage for the future. Storing data on the cloud allows high-growth companies to remain agile without significant investment.
Enhanced collaboration: Storing data on the cloud enables data sharing, version control, and easier backups regardless of where your team is located. Teams can be confident that data is always up to date.
Time and cost savings: Moving to the cloud means there are no costly data centers or on-site servers to set up, maintain or replace. IT teams no longer have to spend countless hours backing up and maintaining these data centers. Moving data to the cloud frees up these vital resources so they can focus on the day-to-day running of the business and doing what they do best – innovating.
Better insights: Companies can access and analyze proprietary data along with external third-party datasets in the cloud to power BI, analytics, and machine learning projects and build more effective digital experiences and marketing campaigns.
…and the Lows
While moving your data to the cloud has many benefits, it can be complex to manage – especially when it comes to keeping sensitive information secure, compliant and accessible.
IDC’s recent report shows that nearly all organizations – a whopping 98% – have experienced a cloud security breach in the past 18 months, a rise of 20% from 2020. Further, access-related vulnerabilities caused four out of five cloud data breaches. With an estimated 90% of businesses using multiple clouds by 2022, secure data access is a priority. According to the recent State of DataSecOps in the Cloud report conducted by Data Science Connect, a community of over 20,000 data and analytics professionals across North America, 85% consider securing access to sensitive data is critical for their business to reduce the data breach risk or unauthorized exposures.
According to SANS, the top types of sensitive or regulated data that companies store in the cloud include employee records (52.9%), business intelligence data (51.1%), financial and accounting records (50.2%), and personal information on customers (42%). Companies can unknowingly expose this sensitive data during migration due to poor data security protocols that leave databases vulnerable.
It’s critical to ensure that this sensitive data is kept secure throughout the entire process. Any security measures that were applied on-premises before the migration must be carried through to the cloud. With more information being shared inside and outside of the organization via the cloud, it’s more critical than ever to take the right steps to protect it. Take, for example, a recent Volkswagen breach. Data for over three million customers was exposed, ranging from contact information to more sensitive information, including driver’s license numbers, social security numbers, and loan numbers, when a vendor left unsecured data online.
At a minimum, the same level of security and compliance that was maintained in the previous platform must be present during migration. The previous platform may have already had access controls (including granular controls such as column-based access control) and compliance reports, and it likely endured some security hardening. You want to make sure that the migration does not introduce new risks or allow data consumers to access sensitive data to which they do not require access (e.g., PII, PHI, financial data, and other sensitive data).
See also: Cloud Migration: Enabling Innovation
Five Ways Data Security Operations (or DataSecOps) Keeps Data Safe
Securing data during the cloud migration process really comes down to controlling access. With the help of process improvements and modern data access tools such as DataSecOps, sensitive data will remain accessible – yet controlled – during migration without impacting business initiatives.
DataSecOps secures access to sensitive data during migration and once stored on the cloud in five critical ways:
- Gaining Visibility of Data Access: DataSecOps provides real-time visibility into what data is being accessed and by whom. For example, you can easily view which roles or users are accessing sensitive information and in which databases or tables.
- Simplifying Access Control: One area where cloud migrations can go wrong is when ensuring access control. This added challenge may either slow down the project, make it more expensive, hinder data security, create compliance regressions or do all of the above. DataSecOps makes setting access controls simple. The controls are data infrastructure agnostic, so the same policies can be applied to different technologies. Moreover, you can set policies based on data types, avoiding delays and complications associated with configuring each database, schema, table, and column. With DataSecOps, you can also set a generic policy, such as “mask all access to PII,” and proceed from this more efficient starting point.
- Knowing the Location of Sensitive Data: More often than not, sensitive data is spread across many more locations than a company realizes. Migrating to the cloud is more challenging if you don’t know where the data lives. DataSecOps reduces this uncertainty and ensures that the migration is done correctly without accidentally exposing sensitive data. As Chaim Mazal, SVP of Technology and CISO at Kandji, recently shared at the Security and Privacy roundtable at the Data Leader Summit: “Being able to have an effective line of sight on which data resides where, how internal stakeholders are consuming that data, and what they need to be successful within their role without increasing the risk of data breach or exposure for their organization – that’s the ‘why’ for DataSecOps.”
- Universally Masking Sensitive Data: In addition to knowing the location of sensitive data, applying universal masking is a good way to maintain instant security during migration. DataSecOps solutions with this capability allow users to access data quickly, without setting dataset anonymization or individually configuring dynamic masking for each specific column, a process that can delay migration.
- Helping with Compliance Concerns: With DataSecOps, you can monitor and maintain complete reports of all data access with added context (such as the nature of data, the access methods, and the roles and groups of the consumers). This helps achieve a smoother migration process to your new data warehouse. For example, you can export a detailed audit of all access to PII.
DataSecOps speeds up and secures migrations by streamlining and automating data access and permissions and keeps data secure once it’s on the cloud – allowing data scientists, analysts, and business users to access data without encountering the bottleneck of IT and data engineering resources.
By 2026, Gartner predicts public cloud spending will exceed 45% of all enterprise IT spending. With this mass migration to the cloud and movement toward democratizing data, companies need to ensure that sensitive PII and financial data is not only included in the migration but that it remains secure and compliant once it’s on the cloud. It is possible to keep data highly accessible to the right people while maintaining control via a DataSecOps approach.