The world seems to have its head in the clouds. Governments are doubling down on their cloud efforts for its promise of flexibility and scalability.
But as more applications and users move to the cloud, knowing who has access to sensitive data can quickly become a gargantuan task.
Chih-Feng Ku, Director of Sales Engineering at SailPoint Asia Pacific, discusses how digital identities can cut through the confusion and secure the cloud.
Turn to AI and automation
Cloud has been a powerful tool during the pandemic, allowing agencies to develop new services and innovate quickly – but that means sensitive data can reside anywhere.
Remote working also allows employees to access sensitive networks from unverified locations and devices. With more applications and devices in the environment, knowing who has access to sensitive systems can become an “unwieldy task”.
AI and machine learning can allow agencies to take a “predictive approach” to identity security.
Insights from AI and machine learning can uncover where potential security gaps exist, for instance. That allows security teams to proactively monitor for risk, and anticipate how access controls should change to reduce this risk, he says.
The technologies can also automate labour-intensive processes such as access requests and password management. That frees up analysts to focus on higher-risk matters, and reduce operational costs, Ku says.
The crucial role of digital identities
To secure the cloud, it’s also crucial to keep track of staff’s digital identities, or their virtual credentials, and control access to sensitive data.
Identity security can help. It’s a method of identifying and controlling who has access to what applications and files, who should have access to these resources, and how that access is used.
That ensures users attempting to access sensitive databases are employees, and not malicious actors. It also prevents employees from accessing data they’re not supposed to.
The National Health Service (NHS) in the UK, for instance, has partnered SailPoint to secure their move to the cloud. The number of health data breaches had been rising, but the system struggled with getting funds and skilled manpower to secure sensitive patient data.
SailPoint helped NHS to identify and control access to applications, and find out how that access is being used. With the help of the cloud, this could be done without a large expenditure or a dedicated team to maintain and update the system.
Three tips for the cloud
With more government agencies turning to the cloud for its flexibility and scalability, security is crucial. Ku shares three tips for securing the cloud.
First, agencies should ensure they have visibility across the multiple on-premise and cloud platforms that are used. Without this, organisations are taking “a reactive state” to security, with hidden risks everywhere.
Next, security teams must take into account the expanding definition of users, and also secure non-human identities such as RPA bots.
Lastly, agencies need to keep track of where sensitive data is moving. Classified data in secure databases may be moved to less-than-secure locations, often for legitimate reasons, Ku says.
An employee may run reports that are exported onto a spreadsheet, or a staff may copy and paste sensitive data into another presentation to update team members. Knowing who has access to these ‘crown jewels’, and where they’re being moved to, will be incredibly important.
With more governments moving to the cloud, an exciting future of agility and innovation lies ahead. Securing digital identities will be paramount to prevent malicious actors from thwarting this future.