As a cloud security professional, you need to be prepared to generate solutions to overcome these obstacles:
- Identifying where your data is: The idea of data in the cloud is at once both liberating and terrifying. The ability to have data available “on real-time demand,” across almost any platform and access mechanism, is an incredible advancement with regard to end user productivity and collaboration. However, at the same time, the security implications of this level of access confound both the enterprise and the CCSP, challenging them to find ways to secure the data that users are accessing in real time, from multiple locations, across multiple platforms.
Not knowing with assurance where data is, where it is going, and where it will be at any given moment presents significant security concerns for enterprise data and for the confidentiality, integrity, and availability that the cloud security professional is required to provide.
- Accessing the data: Not all data stored in the cloud can be accessed easily. Sometimes customers do not have the necessary administrative rights to access their data on demand, or long-term data can be visible to the customer but not accessible to download in acceptable formats for use offline.
The lack of data access might require special configurations for the data discovery process, which in turn might result in additional time and expense for the organization. Data access requirements and capabilities can also change during the data lifecycle. Archiving, disaster recovery, and backup sets tend to offer less control and flexibility for the end user. In addition, metadata such as indexes and labels might not be accessible.
When planning data discovery architectures, you should make sure you will have access to the data in a usable way and make sure that metadata is also accessible and in place. The required conditions for access to the data should be documented in the cloud service provider service-level agreement.
- There needs to be agreement ahead of time on issues such as:
  - Limits on the volume of data that will be accessible
  - The ability to collect/examine large amounts of data
  - Whether any/all related metadata will be preserved
- Other areas to examine and agree about ahead of time include storage costs, networking capabilities and bandwidth limitations, scalability during peak periods of usage, and any additional administrative issues for which the cloud service provider, not the customer, needs to bear responsibility.
- Preservation and maintenance: Who has the obligation to preserve data? It is up to you to make sure preservation requirements are clearly documented for, and supported by, the cloud service provider as part of the SLA.
If the time requirement for preservation exceeds what has been documented in the provider SLA, the data may be lost. Long-term preservation of data is possible and can also be managed via an SLA with a provider. However, the issues of data granularity, access, and visibility all would need to be considered when planning for data discovery against long-term stored data sets.