Data protection for the cloud

The data protection program you’ve relied on for years won’t be effective as your organization moves to the cloud. If you’ve worried about this, as a security leader responsible for protecting data, you’re not alone. And the last thing you want to do is “lift and shift” your on-premise data security program to the cloud. 

This is the topic that Dr. Anton Chuvakin–Google Cloud’s head of security solution strategy–and I have developed into a white paper. 

Available today from the Google Cloud team, “Designing and deploying a data security strategy with Google Cloud” explores how to start a cloud-native security program from scratch or pivot a legacy security program with guidance on how to make the shift.

In this blog post, I wanted to highlight a few key points and considerations from the paper to keep in mind when pivoting your data protection strategy for the cloud.

Your cloud migration checklist

As you shift your data program strategy to the cloud, use the following questions from our white paper to help you prepare.

  • Is your data classification changing?
    • As data is moved from on-premises to a public cloud, you may need to reconsider how it’s classified and what level of protection is being applied to it.
  • Is your data lifecycle changing?
    • How does the cloud fit into your data lifecycle? Does your data lifecycle accommodate data that originates in the cloud? How are your data retention and data deletion policies affected by the cloud?
  • Are you adopting a single cloud or multi-cloud strategy?
    • Securing data in one cloud is one thing, but when that data is replicated across cloud platforms, it compounds the security effort. Make sure you are harmonizing security controls across platforms.
  • Can you leverage security controls in the cloud?
    • Some of the third-party security products and solutions you use in your data centers aren’t going to be effective in the cloud. Start an evaluation process of which tools need to carry over to the cloud and which ones can be replaced by native cloud security controls.
  • Have you created a data migration plan that includes data inventory?
    • The more data you’re migrating to the cloud, the more important this becomes. Understanding how data is moving to the cloud is critical to know how to apply adequate security controls to it.
  • How is data being stored in the cloud?
    • Data assets moving to the cloud may go into storage buckets, structured databases, a secrets manager, or other data stores. You need a security strategy for everywhere sensitive data is stored.
  • Do you understand any skills-gaps with your team?
    • Does your team have the necessary skills and certifications to implement cloud-native security capabilities? Prepare to invest in training as the cloud becomes more core to your infrastructure.

Protecting data in the cloud is different from the security controls used on-premises and in your own data centers. Google Cloud Platform (GCP) offers many native security services that are not only very powerful but easy to use and onboard by your team. Don’t fall into the trap of “lifting and shifting” your data protection strategy to the cloud. Leverage powerful controls in GCP to protect your workloads and you will be on the right track for a robust cloud-ready data protection program. 

You can learn more about how to prepare by reading our new white paper available today from Google at http://bit.ly/gcpdatasecwp.