Cloud Data Risk Posture – Understanding and Minimizing Cloud Data Risk

Data Discovery

In the cloud, data is the new perimeter. There are no walls to give a false sense of security. Understanding what data you have and the associated risks is therefore essential to prescriptive risk remediation. Knowing your data and your risk posture is fundamental to proactively preventing data exfiltration or corruption.

There are two parts to assessing an organization’s cloud data risk posture:

  1. It’s essential to gain complete situational awareness of where, what and whose data an organization is collecting and processing.
  2. It’s important to understand the sensitivity of the data, and the associated risk based on its content, context, access and location and on the residency of the data subject.

Getting a complete picture of what data an organization holds and processes requires an ability to identify crown jewels like PII, PI, NPI, PHI, PCI, and credentials across a modern cloud data landscape. This means a mix of structured databases and warehouses, unstructured documents, blob stores and email, semi-structured stores like MongoDB Atlas, Couchbase, and Cassandra, data pipelines like Kafka and Kinesis, SaaS applications like Salesforce and Zendesk, and even dev tools like Jira, Confluence and GitLab.

It requires an ability to build and dynamically maintain a data inventory and catalog for simplified review, alerting and identification of duplication and redundancy.

It also requires an ability to scan efficiently without agents, auto-updating the inventory via differential scans when changes in databases, schemas or documents are detected.

SmallID achieves this situational awareness automatically.

Once data is identified by location and residency, it becomes possible to calculate sensitivity and risk. Sensitivity can be assessed by type of data (like health data or personal data) or can be associated with secrecy or handling parameters, like secret and top secret. This type of sensitivity labeling or categorization needs to be built in and applicable to both individual data attributes and combinations of data attributes.

Risk builds on sensitivity but can factor in other considerations: class of data, geography of storage, supporting access control, level of duplication, residency of the data subject to whom the data belongs (impacting privacy, breach and health regulations) and more. It can also factor in policies or rules, such as cross-border data transfer or violation of GDPR or CCPA.
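
The scoring idea described above, as an added example that is not SmallID code or part of the original page: sensitivity is taken per attribute and per attribute combination, then risk adds access, duplication and cross-border context. Every attribute name, level, weight, region set and inventory entry is an assumption constructed for illustration.

```python
# Added illustration. All levels, weights, combinations and region sets below
# are assumptions constructed for this example, not values from any product.
ATTR_LEVEL = {"full_name": 1, "zip_code": 1, "email": 2, "date_of_birth": 2,
              "diagnosis": 4, "card_number": 4, "api_key": 5}
# Attribute sets that are more sensitive together than any member alone.
COMBO_LEVEL = {
    frozenset({"full_name", "date_of_birth", "zip_code"}): 3,  # re-identifying
    frozenset({"full_name", "diagnosis"}): 5,                  # identified health data
}
EU = {"DE", "FR", "IE"}  # sample subset standing in for a residency policy

def sensitivity(attributes):
    """Highest level among single attributes and any fully present combination."""
    attrs = set(attributes)
    level = max((ATTR_LEVEL.get(a, 0) for a in attrs), default=0)
    for combo, combo_level in COMBO_LEVEL.items():
        if combo <= attrs:
            level = max(level, combo_level)
    return level

def risk(store):
    """Return (score, findings): sensitivity plus contextual risk factors."""
    score, findings = sensitivity(store["attributes"]), []
    if score == 0:
        return 0, findings  # nothing sensitive found, context adds no risk
    if store["open_access"]:
        score += 2
        findings.append("broad access")
    if store["copies"] > 1:
        score += 1
        findings.append("duplicated")
    # Data subjects reside in the EU but the store sits outside it.
    if store["subject_residency"] & EU and store["region"] not in EU:
        score += 2
        findings.append("cross-border transfer")
    return score, findings

# Constructed inventory entries (sample data).
INVENTORY = [
    {"name": "patient_export", "attributes": ["full_name", "diagnosis"],
     "region": "US", "subject_residency": {"DE"}, "open_access": True, "copies": 3},
    {"name": "newsletter", "attributes": ["email"],
     "region": "IE", "subject_residency": {"FR"}, "open_access": False, "copies": 1},
    {"name": "build_logs", "attributes": ["commit_id"],
     "region": "US", "subject_residency": set(), "open_access": True, "copies": 2},
]

if __name__ == "__main__":
    for s in sorted(INVENTORY, key=lambda s: risk(s)[0], reverse=True):
        print(s["name"], *risk(s))
```

Note that the combination of name, date of birth and ZIP code scores higher than any of the three alone, and that a store with no sensitive attributes stays at zero regardless of how widely it is shared.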

SmallID brings this contextual data awareness together with sensitivity to give enterprises a more comprehensive and holistic view of cloud data risk posture. Try it for free.