When data becomes dangerous, and what to do about it
Cloud storage has grown massively in the past few years. Simultaneous to that, organizations have been routinely targeted with ransomware, sometimes on a daily basis.
Still, there’s so much more to go when it comes to the amount of data that needs to be moved to the cloud, according to Ed Casmer (pictured), founder and chief technology officer of Cloud Storage Security, a company dedicated to solving the security and compliance challenges surrounding data storage in the cloud. So when does data become dangerous?
“I would just start by considering all data dangerous,” Casmer said. “But there are three particular cases to that. One is when the data is unknown, another is when it’s riddled with issues, payloads, you know, malware, and another is when it falls into the wrong hands.”
Casmer spoke with theCUBE industry analyst Lisa Martin at the “Cybersecurity” AWS Startup Showcase event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They dove deep into how data becomes dangerous and discussed how to ensure data is safe to use. (* Disclosure below.)
The three challenges
When it comes to challenges around data being unknown, sometimes it means that organizations really don’t have a clue about what data they have in their environment, according to Casmer. There may be certain data paths, but outside of those paths, the organization really doesn’t know what data they have.
“If we talk about the second piece there, being riddled with payloads, the notion there is the stats prove to us and show to us that one in two organizations are being attacked by ransomware on a daily, weekly or monthly basis,” he said. “That is really frequent.”
The third piece, involving data falling into the wrong hands, is typically a configuration issue. It’s not as though someone has compromised a system and isn’t always just a brute entry into the environment, Casmer noted.
“It proves to us by saying, what data is being compromised? What data is being lost to customers? And it was really interesting findings that we worked with [Enterprise Strategy Group] on, and it’s about a third of the customers losing it from file stores,” he said. “Whether these are network file shares or these are block storage attached to computers, 34% of organizations are losing information from data lakes.”
The number that might not be as surprising is that 42% of organizations are losing information from their software-as-a-service applications, according to Casmer. That’s whether it’s the SaaS application being compromised or how it’s been configured.
“They’re losing data. So, it’s a wide array of where people are losing their data,” he said.
On business and security
When it comes to the three classifications of data becoming dangerous, there are various business and security challenges at play. The first involves the notion of how people have adjusted to the cloud in general, according to Casmer.
“We focused on compute in the early days, but now we have to focus on storage as well. When we look at the business challenges, we’re looking at areas where data proliferates massively,” he said. “Whether that’s backups now that are being pushed to the cloud, it’s the notion of having infinite resources versus finite resources on-prem, where you couldn’t just make tons of copies of data and put it in places because you didn’t have the places to put it. Now you can.”
The security team is now focused on data as much as they were on compute, according to Casmer. Where there was shadow IT before, now there is shadow data.
“It’s easy to make a copy of a production database and put it someplace to start running reports against and doing more activity against,” Casmer said. “But it’s very hard for the security team to understand who’s done what with that data and how you’re securing it.”
In the end, much of this comes down to how business and security teams work together to push back against the dangerous nature of data. What that means is the company is seeking ways to empower both the business side and the security side, Casmer explained.
“The business side wants visibility; the security side wants control. So, how is Cloud Storage Security helping with that? Well, we provide a tool that locates the unknown data,” he said. “You get that notion of, there is no more unknown data because you can find everything across all of your infrastructure.”
The company makes sure that the data is safe to use but is also classifying it and ensuring it is not too sensitive. Of course, there are multiple ways to lose data, including the configuration aspect.
“We’re giving you a best-practices review of all of your data stores to say, ‘Are you doing the right things with that data?’” he said. “With a little bit of visibility, a bunch of control and a bunch of scanning or touching of that data to really tell you what you have, we can help those organizations solve both the business requirements, as well as the security requirements.”
Here’s the complete video interview with Ed Casmer, part of SiliconANGLE’s and theCUBE’s coverage of the “Cybersecurity” AWS Startup Showcase event:
(* Disclosure: Cloud Storage Security sponsored this segment of theCUBE. Neither Cloud Storage Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU