Do you know what data from your organization are stored in the cloud?
According to Anil Markose, senior vice president at IT consultancy Booz Allen Hamilton, the answer is probably, “No.”
In a recent interview concerning cloud security, Markose said, “I'd say in most cases an organization cannot tell you how much of their environment is in the cloud,” which he considers a critical understanding for an organization to have if it’s intent upon protecting its data. Because, he added, “if you don't know what's in the cloud, you definitely don't know what data is in there.”
Which leads to a second potential problem: “Do you have a potential data breach issue that you don't even know about because sensitive information that requires reporting is actually not under your control anymore?”
In addition to, at best, confusion concerning their own data, Markos said organizations in healthcare and other sectors are often unclear as to whether “that an application that they thought was on premises is actually a SaaS application. They don't understand that the back end is in the cloud already. There should be some level of governance around what is going into the cloud and what your cloud presence is.”
And then, as if keen on demonstrating the unsurprising proposition that data concerns are very much connected to each other, Markose pointed to the critical importance of knowing whether an organization’s cloud contracts are setup to ensure proper security. “Do you have the right risk management in place?” he asked. “If something bad were to occur, who's liable for that? Nine out of 10 times that company is definitely liable for it. But they have absolutely no control over how they're going to fix the situation, or they're at the mercy of that cloud provider or the SaaS provider.”
The key, Markose said, is “to think about the cloud as an extension of your environment. You should provide the same level of control, security and visibility in the cloud as you would on prem.”