Top 5 Cloud Data Security Best Practices for Cyber Awareness Month and How to Get There -- Security Today

Top 5 Cloud Data Security Best Practices for Cyber Awareness Month and How to Get There

By Karthik Krishnan
Oct 27, 2022

Cloud data security is a serious challenge most organizations face today. The cloud was designed for collaboration where every file or data element can be shared with anyone halfway around the globe. Cloud data can also be copied, duplicated, modified and passed along very easily. To illustrate the challenge, think about 100 different variations of a redlined sensitive contract that need to be protected, and consider that each variant can have different access privileges.

Saying that cloud data security is a complex issue may be the understatement of the year. But considering this time of the year, with October being Cyber Awareness Month, let’s consider the Top 5 best practices for addressing today’s cloud data security challenges:

Identify all sensitive data in the cloud without burdening information security teams to craft rules or complex policies. The list of cloud data that needs protecting will be long, and includes intellectual property, financial information, and PII/PCI/PHI.
Know what data is being shared with whom, including everyone spanning internal users and groups to external third parties.
Track data and its lineage as it moves across the cloud environment.
Quickly identify where cloud data may be at risk and provide actionable insights. For example, sensitive data discovered being shared out of accordance with corporate security guidelines or where access or activity violations are happening should trigger major red flags.
Remediate those issues as they are happening. For example, look to promptly fix access control issues or permissions, or disable sharing of a sensitive file that ought not to have been shared.

It might be debated that there are other best practices to consider, but it can’t be debated that these five best practices are critical for securing cloud data and keeping it safe.

However, identifying best practices for cloud data security is one thing, but effectively executing on them is another. This is because enterprises struggle with three important data challenges. First, there is massive growth in data, often it increases exponentially from year to year. Second, there is massive migration of data to the cloud. And third, the data that is worth protecting has become a very complex environment.

All of these factors present unique challenges to cloud data security. Traditional ways of protecting data like rule writing to discover what data is worth protecting or relying on end-users to ensure that data is shared with the right folks at all times simply doesn’t work in the cloud environment where it is now simple for employees to create, modify and share sensitive content with anyone.

A new approach called Data Security Posture Management (DSPM) is proving itself as a key technology area to help enable these cloud data security best practices. DSPM identifies and remediates risks to cloud data, powered by automated tools that make it possible to secure content at an atomic level without unnecessary overhead or new IT skills.

To understand DSPM, consider the similarly named Cloud Security Posture Management (CSPM) category. These solutions improve security by targeting cloud configuration errors, and they were a response to a host of security breaches related to misconfigured Amazon S3 data storage buckets.

Like CSPM, DSPM also focuses on misconfigured access privileges that can lead to data loss. DSPM solutions, however, tackle a more extensive and complex threat surface. A moderately complex cloud estate may house a few dozen storage instances and accounts for a handful of administrators. Contrast that threat surface with the complexity of an organization’s entire collection of cloud data, which can run to tens of millions of files, which is what DSPM protects.

The rise of automated DSPM solutions offers four capabilities essential to robust data protection and following these best practices:

Content discovery and categorization that provides the proper context for evaluating security best practices
Detection of access misconfigurations, inappropriate sharing, and risky use of email or messaging services
Evaluation of risks associated with data access and use
Risk remediation with the flexibility to tailor actions to suit business requirements

Unlike CSPM, where protected assets – storage buckets, administrative interfaces, online applications, and the like – are well-defined and understood, user-created cloud data is far more complex. Content categories range from valuable source code and intellectual property to regulated customer information and sensitive strategic documents. Accordingly, content discovery and accurate, granular categorization are essential precursors to effective DSPM and following these best practices.

Detecting misconfigured access settings, overshared files, or the use of risky channels (like cloud-based collaboration tools) is especially challenging. Even with highly accurate data categorization, hard and fast rules surrounding who can and can’t view a specific data category usually don’t exist. It’s a high-stakes problem because over-constrained data can quickly impact business operations and agility, while overshared data is a potential security risk.

Of course, simply finding at-risk data doesn’t cover all these best practices. Assessing risk, remediating misconfigured access permissions, and fixing sharing errors are important best practices that complete the DSPM cycle. There’s no magic bullet: Different organizations have different definitions of what’s critical, what’s trivial, and what’s at risk. Evaluating and quantifying risk gives focus to the process of fixing it.

All these best practices – categorizing content, detecting misconfigurations, and analyzing risk – can be accurately completed in DSPM solutions using deep learning technologies. With deep learning, the data (and related information about storage and usage) tells a rich and valuable security story. Capable deep learning solutions autonomously categorize data; then compare access configurations, storage locations, and data handling practices across similar files to spot and assess risk.

Data Security Posture Management protects your organization from data loss and breaches. Understanding your data, assessing risk, and remediating overly permissive access to sensitive information is at the heart of DSPM. Accurate, autonomous DSPM forms the foundation for more effective access control and following best practices for data security.

ZBeta Strengthens Its Advisory Bench with New Appointment
05/05/2025
Security Trends Reshaping Enterprise Resilience Into 2027
05/05/2025
Amerant Bank Selects Omnilert AI Technology for Enhanced Video Surveillance Security
05/02/2025
Minnesota County Is Still Reaping Huge Benefits from ASAP Service
05/01/2025
Winsted Unveils Pinnacle Collection with Sliding Worksurface
04/30/2025
Everon Awarded Sourcewell Cooperative Purchasing Contract
04/30/2025
Honeywell Signs Global Distribution Agreement With Milestone Systems
04/28/2025
DSI Security Services Announces Leadership Reorganization and Strategic Growth Initiatives
04/21/2025

Featured

Body-Worn Cameras on the Rise

On the evening of Oct. 29, 2024, the owner of 300 Guard based in Houston, was shot while on duty at a convenience store. He returned fire. He was wearing a plated vest and thankfully recovered in the hospital. Read Now
- Government
Fast-Forward from 1,000 B.C.E. to Today

The lock and key have been around since time immemorial. In fact, the locksmith profession is one of the oldest in the world when you consider the earliest wooden tumbler lock debuted three-plus millennia ago. Read Now
- Access Control
Brazil Port Enhances Surveillance and Supports Wildlife Conservation with Sustainable Technology

Ferroport, which operates the iron ore terminal at the Port of Açu in São João da Barra, Rio de Janeiro, Brazil, has deployed state-of-the-art video surveillance cameras from Axis Communications to enhance nighttime security and visibility, while decreasing environmental impact and prioritizing sustainability. With cutting-edge technology, the port now has precise surveillance cameras that capture high-quality nighttime images, while reducing the amount of artificial lighting that negatively impacts the surrounding ecosystem. Read Now
- Government
Verizon’s 2025 Data Breach Investigations Report Notes Alarming Cyberattack Surge Through Third Parties

Verizon Business recently released its 2025 Data Breach Investigations Report (DBIR), which reveals a significant increase in cyberattacks. The report found that third-party involvement in breaches has doubled to 30%, and exploitation of vulnerabilities has surged by 34%, creating a concerning threat landscape for businesses globally. Read Now
- Cybersecurity
Net2 Access Control Increases Reliability at Residential Complex

Encore Atlantic Shores is a residential complex of 240 luxurious townhomes for ages 55 and over in Eastport, New York. Completed in 2011, the site boasts an 11,800 square foot clubhouse, with amenities such as a fitness center, heated indoor pool, whirlpool spa, multi-purpose ballroom, cardroom and clubroom with billiards, tennis courts and an outdoor putting green. Read Now
- Access Control

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

ResponderLink

Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
QCS7230 System-on-Chip (SoC)

The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.