Welcome!

Cognitive Computing Authors: Liz McMillan, Pat Romanski, Yeshim Deniz, Zakia Bouachraoui, Elizabeth White

Related Topics: Cloud Security, Microservices Expo, Microsoft Cloud, Containers Expo Blog, Cognitive Computing , @CloudExpo

Cloud Security: Article

Why Data Breaches Occur and How You Can Lessen Their Impact | Part 2

Part 2 of 2: There are a few small things that can make a big difference in every organization

Last week, I covered some of the reasons data breaches happen. Let's shift gears now and look at what can be done to reduce their impact. To be perfectly clear, there’s no magic bullet for security. There are, however, a few small things that can make a big difference in every organization.

  • Encrypt everything
    This may sound difficult, inconvenient and expensive, but it’s really not. In fact, once implemented, most encryption solutions are so turn-key that you’re likely to forget they’re running in the background. Plus, can you really put a price on the protection of your corporate and customer data?

    At a minimum, you should encrypt anything you believe to be sensitive data, regardless of whether a federal mandate requires it. In the healthcare example I referenced earlier, if the data on those lost or stolen devices was encrypted, the organizations responsible for it wouldn’t have had to report the thefts, saving millions of dollars in fines, not to mention public embarrassment and brand damage.

    Encryption is not about preventing data breaches, but rather mitigating the damage a breach can cause. Encrypted data is essentially useless data if you heed the advice below.

  • Take good care of your keys
    You know those people who claim to be vegetarians but admit that they also “eat chicken and fish?” They're not really vegetarians. In much the same way, someone can claim they take data security seriously, but if they don’t have a sound key management strategy, then they’re only fooling themselves. If you take data security seriously, then you need to take key management seriously as well.

    Good key management starts with knowing what keys, tokens, certificates and other security-related objects are loosely floating around your environment. Once you’ve found them, you need to secure and manage them. Organizations should consider a centralized management system for these objects provides security and storage, and enforces a broad range of policies for object authorization, access, expiration, revocation, retrieval limits and more.

    Centralizing key management ensures that there’s always a single, trusted source of truth governing access to your important security objects. To prevent unauthorized access to your keys (and thus, your data), it’s important to ensure this centralized key store is accessed only through approved, automated processes, rather than specific individual users.

     

  • Require multifactor authentication, especially in the cloud
    Two-factor authentication can significantly reduce the likelihood of an account being compromised or access being granted to an unauthorized party. And it works really well on shared systems where multiple users might login at different points in the day.

    But the cloud is an entirely different animal, and traditional two-factor authentication that requires a user to have direct, physical access to a device in use, simply doesn't work. For example, you cannot use a smart card or fingerprint reader to access a device in Amazon's cloud.

    For cloud-friendly multifactor authentication, look for a solution that alerts third parties when access to a certain application, file or SSH session is being requested. This ensures someone, or something, other than the original requestor, signs off on the request before access is granted.

The suggestions above are fairly quick and easy to implement either on premises or in the cloud and can immediately boost your security posture. Protecting your data means protecting your intellectual property, your customers’ privacy, your competitive advantage and your reputation. That should be reason enough to act, shouldn’t it?

More Stories By David Tishgart

David Tishgart is a Director of Product Marketing at Cloudera, focused on the company's cloud products, strategy, and partnerships. Prior to joining Cloudera, he ran business development and marketing at Gazzang, an enterprise security software company that was eventually acquired by Cloudera. He brings nearly two decades of experience in enterprise software, hardware, and services marketing to Cloudera. He holds a bachelor's degree in journalism from the University of Texas at Austin.

IoT & Smart Cities Stories
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
Scala Hosting is trusted by 50 000 customers from 120 countries and hosting 700 000+ websites. The company has local presence in the United States and Europe and runs an internal R&D department which focuses on changing the status quo in the web hosting industry. Imagine every website owner running their online business on a fully managed cloud VPS platform at an affordable price that's very close to the price of shared hosting. The efforts of the R&D department in the last 3 years made that pos...