Defense-in-Depth: Stemming Leaks of Sensitive Data from Cloud Storage (Part 2)

As we mentioned in our first post, this is not an issue for just the US Government, or for a US political party, or for any one vertical in particular. In the age of data-driven decision making, companies and organizations rely more and more on aggregating data for analysis, and rely on cloud offerings to make this aggregation and processing effective. Whether it is one of the aforementioned issues, the April 2016 disclosure of 93.4 million voter registration records for Mexican citizens through another cloud instance, or the many issues that never make the news, these are issues that can be avoided by employing defense-in-depth, a standard practice among security practitioners, but one which is sometimes difficult in a cloud environment.

What should we take away from these incidents? What technical controls can be put in place that truly can make a difference?

  1. Apply multiple layers of protection. Your cloud provider likely offers a built-in option for identity management and/or encryption, both of which are a good start. However, a single misconfiguration (as has been proven to be the case in some of the above incidents) can then cause total loss of control. Regardless of whether this misconfiguration is accidental or malicious, it can have wide-ranging consequences, as there is only a single layer of “rules” governing access to the data.
  2. Apply separation of duties. In this case, think of it in two ways:
    1. Separate the holder of the data from the holder of the access to the data. Said another way, don’t put the data and the ability to access it in the “basket” of one company.
    2. Separate the individuals in your company who use and have access to the data from those who own or apply protections to the data. Utilize a solution which can allow cryptographic controls to be applied by corporate security teams while still allowing the users of the data to have the flexibility needed to interact with and move their data around.
  3. Utilize cryptographic protections. Access control alone isn’t a comprehensive solution. Combine access control list enforcement with data-centric cryptographic protections based on strong and proven encryption algorithms.
  4. Modernize to attribute-based access control (ABAC). The role-based access control (RBAC) approach of managing access through users, groups, and roles is outdated, and while it can still play an important role in your data protection, organizations have more attributes which can be used for decision making today. Utilize a solution that can take into account time, location, data sensitivity, and more to “fine tune” the access controls around your data.
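
The sketch below is an added example, not Ionic Security's product code. It models the four controls together: a storage ACL held by the cloud provider, and a separately held key-release policy that decides on role, location, time, and data sensitivity. The bucket ACL strings, role names, labels, and policy values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:
    roles: frozenset      # RBAC roles asserted for the caller (empty = anonymous)
    country: str          # location attribute
    local_time: time      # time-of-day attribute
    sensitivity: str      # label on the requested object

# Layer 2 policy, owned by the security team and held apart from the storage
# provider. Labels, roles and hours are constructed sample values.
KEY_POLICY = {
    "restricted": {"roles": {"analyst"}, "countries": {"US"},
                   "hours": (time(8, 0), time(18, 0))},
    "internal": {"roles": {"analyst", "contractor"}, "countries": {"US", "CA"},
                 "hours": (time(0, 0), time(23, 59, 59))},
}

def storage_allows(bucket_acl: str, req: Request) -> bool:
    """Layer 1: the provider's ACL. 'public-read' models the misconfiguration."""
    return bucket_acl == "public-read" or "storage-reader" in req.roles

def key_release_allows(req: Request) -> bool:
    """Layer 2: ABAC decision on releasing the data key. Default deny."""
    rule = KEY_POLICY.get(req.sensitivity)
    if rule is None:
        return False
    start, end = rule["hours"]
    return (bool(req.roles & rule["roles"])
            and req.country in rule["countries"]
            and start <= req.local_time <= end)

def access(bucket_acl: str, req: Request) -> str:
    """Result of both layers: what the caller actually ends up holding."""
    if not storage_allows(bucket_acl, req):
        return "denied"
    if not key_release_allows(req):
        return "ciphertext-only"
    return "plaintext"

if __name__ == "__main__":
    anonymous = Request(frozenset(), "unknown", time(3, 0), "restricted")
    print(access("public-read", anonymous))
```

With the bucket misconfigured as public, the anonymous caller passes the storage layer but is refused the key, so the exposure is limited to ciphertext.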

At one point, these goals were lofty and difficult to put in place, especially when migrating to a cloud infrastructure. We have worked tirelessly at Ionic Security based on the belief that all of these (and more) should be technical controls that are easy to implement for security administrators, data owners, IT teams, and end-users. Products which we have released (and will continue to release), such as Machina Tools for Cloud Storage, provide these technical controls, allowing you to implement defense-in-depth for your sensitive data in cloud storage and other environments.