Securing data within the cloud: Common problems enterprises are facing … and solutions – SiliconANGLE News

admin on September 13, 2022 Leave a Comment

The cloud is changing, and not just mildly. As enterprises increasingly adopt hybrid cloud, multicloud and edge technologies, the ways in which to secure data within all these infrastructures are becoming increasingly intricate.

Problems with securing data and other critical assets within the cloud have subsequently increased as organizations refactor their strategies to accommodate in-demand technologies like AWS S3.

The big thing that were seeing is thatcustomers are blind to the fact thatthe data itself must also be protected and looked at, saidEd Casmer (pictured, left), founder and chief executive officer of Cloud Storage Security. And, eventually, we find these customers who do come to therealization that it needs to happen.And so, really, the blind spot is the factthat we find most customers not looking atwhether that data is safe to use.

Casmer andJames Johnson (pictured, right), associate vice president of research and development at iPipeline Inc., spoke with theCUBE industry analystJohn Furrier at the Cybersecurity Detect and Protect Against Threats event, during an exclusive broadcast on theCUBE, SiliconANGLE Medias livestreaming studio. They discussed the areas organizations must begin to pay attention to as they run large swathes of cross-infrastructure, cloud-based data. (* Disclosure below.)

iPipeline, a leading purveyor of cloud-based software for the insurance and financial services industry, is also one of CSSs customers. The company is in the process of fleshing out its digital ecosystem in the cloud, away from the traditional data center implementation. In doing so, iPipeline has had to rethink its approach to file storage and vulnerability scanning, according to Johnson.

It was really necessary for us to identifya solution that both solved for thesevulnerability scanning needs,as well as enabled us to leverage the capabilitiesthat we get with other aspects of our move to the cloud things like being able to automatically scale based and need, he said.

Speed and scale were the main drivers for iPipelines decision to move to CSS, according to Johnson. As the companys infrastructure requirements increased, it began to feel like it needed a cloud-native solution that could perform dynamic security scans without worrying about manually spinning up new engine instances.

Being able to scan dynamically andalso being able to move that out of the application layer is crucial for us,basically doing it all behind the scenes, Johnson stated. We are now able to scan with the file saved in S3, allowing us torelease the fileonce its been deemed safe, rather thanblocking the user while they wait for that scanto take place.

With solutions providers that bear custody of corporate data at any level, theres always the question of compliance and auditing. They are answerable to two tangentially different stakeholders: their customers and the regulatory bodies.

Traditionally, weve looked at that compliance requirement as endpoint dataand the data that you see in your on-premise world, Casmer explained.It doesnt translate as directly to cloud data,but its certainly applicable.And if you want to achieve SOC 2or you want to achieve some of these other pieces,you have to be scanning your data as well.

A solution like iPipelines will inevitably have to ingest data from a vast multitude of sources. And the onus is on the company to ensure the data from all these disparate sources are risk-free, according to Johnson.

As we ingest that data,theres minimal impact toeach one of those integrations,because everything comes into the S3 bucketand is scanned before it is available forconsumption or distribution, he explained. This allows us to ensure thatno matter where that data is coming from,we are able to verify that it is safebefore we allow it into our systems orallow it to continue on to another third party, such as a customer.

Security solutions for cloud data have been available for a while. However, the reason why the enterprise keeps falling prey to malicious actors is that the floor keeps shifting beneath companies as malicious actors change approaches, according to Casmer.

It is a moving target, he said. As new technology becomes available,that opens additional attack vectors.The challenge is keeping up with the changing world,including keeping up with the new ways that people are findingto exploit vulnerabilities.

Heres the complete video interview, part of SiliconANGLEs and theCUBEs coverage of the Cybersecurity Detect and Protect Against Threats event:

(* Disclosure: Cloud Storage Security sponsored this segment of theCUBE. Neither Cloud Storage Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Read the original post:
Securing data within the cloud: Common problems enterprises are facing ... and solutions - SiliconANGLE News

Related Posts
Posted in Cloud Storage

Comments are closed.