1. Encrypt all data going to the cloud. An overarching rule of thumb here is that if your data is outside your walls, it had better be encrypted. Just as you wouldn’t access sensitive information over public Wi-Fi without a VPN, you shouldn’t use public cloud storage without proper encryption. If data is encrypted at rest and only people with approved, secure access can reach the encryption keys, a great deal of the worry about data exposure goes away.
2. Generate and own your encryption keys. Bear in mind that if your data is encrypted at rest and only you have access to the encryption keys, then you have nothing to worry about if a storage bucket becomes exposed: encrypted data will be useless gibberish to any unauthorized user. Be sure to generate and manage your keys separately from any third-party service to ensure total data privacy.
3. Manage access permissions. Use a multi-layer access control system that extends from the access permissions of the bucket itself all the way down to the file level for the relevant workloads, preserving permissions and connecting them to central directory authentication systems.
4. Lock down endpoints and offices. Use enterprise EMM/MDM tools to eliminate shadow IT and create secure productivity spaces within corporate-provided and BYOD devices. Leverage DLP software to monitor data-access patterns and flag deviations that may indicate data leakage.
5. Review security measures regularly. It is good practice to perform regular “pen tests” to evaluate your security posture and ensure no new leaks have appeared over time. This strategy will go a long way to confirm that there are no weak points for potential entry, especially when there is a change in the network.
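One way to automate part of the regular review in step 5, covering the bucket-level permissions from step 3 and the encryption requirement from step 1. This is an added example, not part of the original article; it assumes AWS S3-style bucket policy JSON, and the bucket names, account ID, role and the `audit_policy` helper are constructed for illustration.

```python
import json

# Constructed sample policies in the AWS S3 bucket-policy JSON format (an
# assumption; the article names no provider). Names and account ID are placeholders.
POLICIES = {
    "example-leaky-bucket": json.loads("""{
      "Version": "2012-10-17",
      "Statement": [{"Effect": "Allow", "Principal": "*",
                     "Action": "s3:GetObject",
                     "Resource": "arn:aws:s3:::example-leaky-bucket/*"}]}"""),
    "example-locked-bucket": json.loads("""{
      "Version": "2012-10-17",
      "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-locked-bucket/*"},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-locked-bucket/*",
         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}}]}"""),
}
SSE_KEY = "s3:x-amz-server-side-encryption"  # condition key set on encrypted uploads

def as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    # Matches "*", {"AWS": "*"} and {"AWS": ["*", ...]}.
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in as_list(v) for v in values)

def audit_policy(policy):
    """Return findings for one bucket policy; an empty list means both checks pass."""
    findings, enforces_sse = [], False
    for stmt in as_list(policy.get("Statement", [])):
        public = is_wildcard_principal(stmt.get("Principal"))
        cond = stmt.get("Condition", {})
        # Heuristic: conditions are not evaluated, so a conditioned Allow needs manual review.
        if stmt.get("Effect") == "Allow" and public and not cond:
            findings.append("public-access: " + ",".join(as_list(stmt.get("Action", "?"))))
        # A Deny for everyone on PutObject keyed on the SSE header blocks plaintext uploads.
        if (stmt.get("Effect") == "Deny" and public
                and "s3:PutObject" in as_list(stmt.get("Action", []))
                and any(SSE_KEY in keys for keys in cond.values())):
            enforces_sse = True
    if not enforces_sse:
        findings.append("no-encryption-enforcement: unencrypted uploads are not denied")
    return findings

if __name__ == "__main__":
    for name, policy in POLICIES.items():
        print(name, audit_policy(policy) or "OK")
```

The check covers bucket-level policy only; file-level permissions and client-side key ownership from step 2 need separate review.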
The advantages of storing information in cloud buckets easily outweigh the risk. Leaky cloud buckets can be an easy fix, with some consideration and attention to security protocols at the outset of storing data.