Forrester cloud data protection scheme


Forrester: cloud data protection scheme ensures that enterprises achieve security control

Beijing News, April 18: Forrester's interviews with chief information security officers and enterprise technical managers show that enterprises have realized that cloud data protection (CDP) is not only important for protecting sensitive data, but also a necessary measure for achieving security control over cloud services. This is because:

After sensitive data is migrated to the cloud, it is beyond the control of the enterprise

Enterprises should not assume that the security measures of cloud service providers are foolproof

Enterprises can migrate workloads to the cloud, but they cannot

Many data leaks are caused by internal employees or by attacks on partners

Enterprises must find, control and secure their own shadow IT* before data leaks occur

Although the use of cloud and mobile platforms is growing rapidly, enterprise-wide data protection measures are catching up

* Note: shadow IT refers to IT facilities owned by an enterprise's front-line business departments. Such IT facilities are usually not managed by the company's formal IT department, so they may carry higher operational and security risks

After interviewing some enterprises that adopted CDP solutions early, Forrester found that, in addition to mitigating some of the core data risks related to cloud services, CDP can also bring enterprises the following benefits:

Control data dissemination, so that only authorized business partners can access data. Encrypting SaaS data is an effective data protection measure, because encryption can provide targeted, fine-grained data access rights. In this way, when a user logs in to the SaaS application, cloud encryption can ensure that the user sees only the content he or she is authorized to obtain

Enable employees to work anytime, anywhere, while supervising their data access. CDP technology can usually provide a unified policy for cloud data access, and users who log in and access data from any place and with any device are constrained by this policy

Detect possible data leaks in advance by analyzing users' data access behavior. Data breaches or advanced persistent threats from within the enterprise need to obtain data from within the enterprise in some way, which often means large-scale data manipulation and transfer. Therefore, using CDP tools to create a daily data access baseline can not only prevent illegal data acquisition, but also detect subsequent data leakage

Protect customer data from government monitoring. CDP schemes usually encrypt the data before it is transmitted to or stored in the cloud environment and provide the unique secret key to the owner of the data. For enterprises with privacy concerns, CDP can not only help them comply with national data regulations, but also help them protect their customer data from government monitoring in another country

Help enterprises regain control of their data from cloud service providers to a certain extent. Even if cloud service providers offer CDP solutions, enterprise security and risk professionals are still not sure about the technical details and relevance. In addition, enterprises usually cannot require cloud service providers to disclose the relevant details. However, enterprise security and risk professionals have good reasons to pay attention to cloud service providers' data encryption methods, secret key management methods, identity management, network login and data forensics availability. Therefore, third-party CDP solutions can help enterprises achieve data control to a certain extent without obtaining more detailed technical information about the cloud services

Encrypt data before it is migrated to the cloud. Encryption of data in transit and the data encryption measures of cloud service providers are not enough. Enterprise security and risk professionals are increasingly inclined to encrypt sensitive data before it leaves the enterprise
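The daily data access baseline mentioned in the leak-detection benefit above, sketched as an added example that is not from the article or from any CDP product. It assumes access logs already reduced to (day, user, bytes) rows, all of them constructed here, and uses a median/MAD threshold as one possible baseline; the function names are hypothetical.

```python
from collections import defaultdict
from statistics import median

MB = 1024 * 1024

# Constructed sample data (not from the article): five baseline days, one observed day.
BASELINE_DAYS = [f"2024-03-0{i}" for i in range(1, 6)]
SAMPLE_HISTORY = (
    [(d, "alice", v * MB) for d, v in zip(BASELINE_DAYS, [100, 120, 90, 110, 100])]
    + [(d, "bob", 20 * MB) for d in BASELINE_DAYS]
)
SAMPLE_TODAY = [
    ("2024-03-06", "alice", 105 * MB),
    ("2024-03-06", "bob", 500 * MB),
    ("2024-03-06", "bob", 400 * MB),
    ("2024-03-06", "carol", 300 * MB),  # user with no history at all
    ("2024-03-06", "dave", 5 * MB),     # no history, but negligible volume
]

def build_baseline(events, baseline_days):
    """Per-user (median, MAD) of daily bytes accessed over the baseline days."""
    per_user = defaultdict(lambda: defaultdict(int))
    for day, user, nbytes in events:
        if day in baseline_days:
            per_user[user][day] += nbytes
    baseline = {}
    for user, days in per_user.items():
        # Idle days count as zero so occasional users get a low baseline.
        vols = [days.get(d, 0) for d in baseline_days]
        med = median(vols)
        baseline[user] = (med, median(abs(v - med) for v in vols))
    return baseline

def flag_days(events, baseline, threshold=6.0, floor=50 * MB):
    """Return sorted (day, user, bytes, reason) for daily totals above baseline."""
    totals = defaultdict(int)
    for day, user, nbytes in events:
        totals[(day, user)] += nbytes
    alerts = []
    for (day, user), total in totals.items():
        if user not in baseline:
            if total > floor:  # unknown user moving a meaningful volume
                alerts.append((day, user, total, "no-baseline"))
            continue
        med, mad = baseline[user]
        # MAD is 0 for perfectly regular users; the floor avoids alerting on noise.
        if total > med + max(threshold * mad, floor):
            alerts.append((day, user, total, "above-baseline"))
    return sorted(alerts)
```

The threshold and floor are tuning assumptions; a deployment would set them per data class and review "no-baseline" hits separately from volume spikes.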

CDP schemes have many deployment modes, and a vendor's scheme is often a combination of the following architecture modes. The schemes differ in how they encrypt data before it is migrated to the cloud:

No. 1: CDP encryption in the cloud is off

No. 2: CDP encryption for local deployment

No. 3: client plug-in CDP encryption

No. 4: cloud virtual layer or physical layer centralized drive encryption

No. 5: cloud data governance platform

Enterprises need to rely on the flexibility, timeliness, better cost structure and other advantages of cloud services to carry out digital business. In addition to achieving compliance goals, enterprise security and risk professionals should use CDP to discover and manage shadow IT within the organization. Security and risk personnel can use CDP to identify the various data patterns within the enterprise, so as to gain a deeper understanding of their own needs for cloud services. Once they fully understand their own business needs, institutional data flows and the cloud service projects that need further support, enterprise security and risk professionals can effectively choose their own CDP solutions
