How To Protect Cloud Data Anywhere Using A Data Security Mesh
It was, literally and figuratively, the perfect storm. A blizzard forced everyone from a Wall Street wealth management firm to work from home. At the same time, clients were denied access to their information and called their contacts at the firm understandably concerned. The operations team determined that with the data analysts working from home, the internet pipe was heavily loaded and dropping packets.
Although this issue was quickly fixed, it raised a red flag at the next partner meeting. For some time, the CIO had been advocating a move of the data store to the cloud, but the potential downtime associated with such a decision pushed it into the “some other time” category. Now, a cloud migration seemed to be the only viable solution to prevent a repeat of the aforementioned incident — or worse.
Situations like this were a precursor to organizations strongly considering the cloud, and the pandemic accelerated a hyperconnected world where remote work is prominent and cloud migrations frequent. With these changes, IT departments realize that the old perimeter approach to security is antiquated, and they need a security ideology that embraces the idea of location independence. This strategy is called a data security mesh.
Defining The Data Security Mesh
Gartner designated a cybersecurity mesh approach as one of its Top Strategic Technology Trends for 2021 and said that it “allows for the security perimeter to be defined around the identity of a person or thing. It enables a more modular, responsive security approach by centralizing policy orchestration and distributing policy enforcement.” As part of this strategy, a data security mesh is more nuanced. It exists below the network layer, focusing specifically on how data records are collected, stored, used and shared securely by each user via their individual devices.
Security policy enforcement must be applied at the data record level to achieve flexibility. Each data asset could require different security tiers, which allows organizations to scale the protection for each access point and where they interact. When implemented correctly, a data security mesh can protect data from any source to any destination while ensuring that existing workflows remain intact.
Creating The Data Security Mesh
It is one thing to understand the need to implement a new strategy and another to determine the steps necessary to do so. A comprehensive data security mesh strategy will face challenges that require auditing existing technology, properly training staff and vetting technology partners.
- Audit and integrate existing technology. Old and new protection mechanisms must work together, so it is critical to understand how — or if — existing technology helps or impedes cloud data security. For example, it is necessary to audit all encryption “at rest” capabilities and make sure each is standardized. Each data store may have its data protection mechanisms, so consistent protection is needed, regardless of where data resides or where it is going throughout the mesh. Enhancing current security postures to extend from “at rest” to “in use” is a key benefit of the mesh.
- Incorporate mesh-focused training. The data security mesh requires a cloud-first mentality among everyone who uses, shares and protects data. Training for a data security mesh should focus on:
- Implementing protection mechanisms based on downstream utility, allowing sensitive data to be accessed without exposing it.
- Architecting the mesh for scale as the volume of data increases.
- Ensuring application performance is measured and monitored.
One way to build a cloud-first culture is by implementing a DataSecOps approach, where IT and data scientists are continuously working together to ensure that specific security measures are built into the infrastructure from the very beginning. Early collaboration between data scientists, IT and developers is necessary to ensure that these new security protocols are an inherent part of how data is accessed, shared and stored. In doing so, applications can transparently interface within the mesh to ease integration of legacy systems and new concepts, such as serverless capabilities.
- Vet potential partners. Moving data into the cloud requires having security partners to help ensure a successful data security mesh approach. As with any collaboration, it is vital to conduct proper due diligence and ask the right questions of any potential partner, such as the following:
- What is your identity strategy to ensure that a consistent posture is maintained across cloud environments?
- What security and privacy certifications do you have?
- How well-versed are you in the compliance and privacy regulations that our organization is subject to?
Cloud computing creates an environment where there’s no limitation on the data’s location and how much of it is collected and processed. A data security mesh enables this forward-thinking approach and yields a number of other benefits, including greater access control over data, enhanced security analytics, massive scalability and higher performance of all data-related functions. Data is an organization’s most valuable non-human asset, and protecting it in a manner that is in line with our growing dependence on the cloud should be a top priority.
This article originally appeared in Forbes.
Related posts
Join our newsletter
Schedule a Demo with the Baffle team
Meet with Baffle team to ask questions and find out how Baffle can protect your sensitive data.
Easy
No application code modification required
Fast
Deploy in hours not weeks
Comprehensive
One solution for masking, tokenization, and encryption
Secure
AES cryptographic protection
Flexible
No impact to user experience