Securing Data on the Cloud, Microsoft 365 & Beyond

Enabling a Connected Workplace – The Challenge

Organizations have left no stone unturned to adopt collaboration services, which saw an increase of up to 600% in usage due to the ‘New Normal’. According to the Cloud Adoption & Risk Report from McAfee, Microsoft reported growth in its cloud services as high as 775%. As cloud service adoption increased, so did threats aimed at cloud services, with a higher concentration on collaboration services like Microsoft 365. The majority of cloud computing security risks are related to cloud data security. Whether it is lack of data visibility, limited control of data, or data theft in the cloud, most issues circle back to the data placed in the cloud.

Cloud Data Risk – The Key Factors

1.    Personal Apps Connected to the Enterprise Cloud

Using personal applications on corporate devices is widespread. Most of these personal apps are vulnerable, which puts sensitive data at risk, and various malware attacks on cloud services exploit user trust. For example, it is common for a user to have two Microsoft OneDrive applications on the device: personal and corporate. Sensitive enterprise data files are very likely to be uploaded to the personal OneDrive.

2.    Enterprise Cloud Apps Exposed to Third Parties

As enterprises start using their cloud applications with external agencies, data exposure increases. Enterprise security teams provide third-party vendors with highly privileged roles on the cloud applications. Sometimes, the breach might happen after the data has left the cloud and moved into the vendor agencies’ systems. The security concern is that once sensitive data leaves the enterprise, you’ve lost control and visibility of your data.

Security teams need to focus on how to reduce third-party data exposure in their cloud environment and beyond.

3.    Misconfiguration of Access Control

External parties access enterprise files and folders using their devices, mostly unmanaged and without any anti-malware technology. Any malicious file uploads to the folders can pose a colossal data security risk.

Microsoft 365 allows your users to collaborate with external parties beyond the organization's perimeter in applications like Teams, OneDrive, and SharePoint. Users can share a file or even a folder; sharing a folder provides access to all the files residing in that folder and its subfolders, as well as to new files created in those folders. IT security groups need to control the access and monitor the actions performed on these files and folders.
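
The inheritance behaviour described above, as an added example (not from the original article or from Microsoft): a small Python audit over a constructed inventory of shares and files that computes what each external principal can effectively reach, including files created after the share was made. The paths, addresses, and the tuple layout of a grant are assumptions for illustration.

```python
from pathlib import PurePosixPath

# Constructed sample inventory; paths and addresses are illustrative only.
GRANTS = [  # (shared path, principal, principal is external)
    ("/Projects/VendorA", "consultant@vendor-a.example", True),
    ("/Finance/forecast.xlsx", "auditor@audit-firm.example", True),
    ("/Projects", "pm@corp.example", False),
]
FILES = [
    "/Projects/VendorA/sow.docx",
    "/Projects/VendorA/Designs/network.vsdx",
    "/Projects/Internal/roadmap.pptx",
    "/Finance/forecast.xlsx",
    "/Finance/payroll.xlsx",
]

def covers(shared, target):
    """A share on a path covers that path and everything beneath it."""
    shared, target = PurePosixPath(shared), PurePosixPath(target)
    return shared == target or shared in target.parents

def external_exposure(grants, files):
    """Map each external principal to the files it can effectively reach."""
    exposure = {}
    for shared, principal, is_external in grants:
        if not is_external:
            continue
        reach = exposure.setdefault(principal, set())
        reach.update(f for f in files if covers(shared, f))
    return {p: sorted(r) for p, r in exposure.items()}

def newly_exposed(grants, before, after):
    """Files that became externally reachable without any new share."""
    old = external_exposure(grants, before)
    new = external_exposure(grants, after)
    diff = {p: sorted(set(new[p]) - set(old.get(p, []))) for p in new}
    return {p: added for p, added in diff.items() if added}

if __name__ == "__main__":
    for principal, reach in external_exposure(GRANTS, FILES).items():
        print(principal, "->", reach)
    # A file saved into the shared folder later is exposed by inheritance.
    later = FILES + ["/Projects/VendorA/Designs/pricing.xlsx"]
    print("exposed by inheritance:", newly_exposed(GRANTS, FILES, later))
```

The single folder share reaches two files across two directory levels, while the file-level share reaches exactly one file.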

The Data-Centric Approach

It is cumbersome to constantly chase data as it moves around within the enterprise, to the cloud, and beyond. Enterprises need to be confident that sensitive data is protected, whether it travels across the cloud or third-party systems. The data-centric security approach is the only option that embeds security controls in the data itself, whether the data is at rest, in transit, or at work, and so stops the data chase. A solid data-centric security approach to the cloud involves:

  • Reducing Data Access & Footprint: Users are often assigned unnecessary privileged access, which increases the risk of a data breach. It is critical to assign the right access to prevent users from exposing or stealing data. Also, simply reducing or removing the data stored in the Cloud account can stop data misuse.
  • Detecting and classifying data: Assign a DLP/CASB policy to detect sensitive data like credit card data (PCI), customer data, personally identifiable information (PII), or any other data as per company policies. The standard blocking feature of DLP/CASB systems ensures confidential information stays contained. But blocking data hinders collaboration, making the data useless.
  • Encrypting data and embedding security controls into the data: Encryption and rights management systems integrated with CASB systems and cloud services can automatically encrypt the data and add access and usage controls to ‘discovered’ data on the endpoint, in email, and in the cloud. Employees can collaborate and continue working securely since the data is protected before leaving the enterprise.

Data-Centric security – The Only Option

The top reason to adopt data-centric security solutions for the cloud is to regain control of data. The security controls travel or reside with the sensitive data, regardless of device, OS, or platform. Microsoft 365 integrated with rights management solutions provides automatic protection as soon as documents are uploaded into Microsoft Teams channels or SharePoint Online. The user need not worry about manually protecting documents or deciding which security policy to apply. By attaching usage controls to sensitive emails and documents, users can confidently collaborate on the cloud.


Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of ET Edge Insights, its management, or its members
