Industry Report: Are you aptly protecting sensitive data in a cloud environment?

First Published on 31st January, 2019

Organizations need to reassess their respective data security and encryption strategy as they embrace cloud propositions and gear up for regulatory and compliance mandates, according to a new report.

 

Digital transformation today is being equated to an enterprise-wide, cross-functional undertaking, with key drivers being enhancing the customer experience, cutting down on operational costs and creation of new services or revenue streams.

Rather than just modernizing IT infrastructure, organizations are going deeper – right from the ownership to banking on cross-functional, collaborative groups for the entire organization to eventually gear up for playing an “infinite game”.

At the same time, as organizations plan to take advantage of cloud, mobile, social, and the Internet of Things, the rush to digital transformation is putting sensitive data at risk for organizations worldwide, according to the 2019 Thales Data Threat Report.

The report, based on a survey of 1,200 executives with responsibility for or influence over IT and data security, has stressed that shielding “sensitive data” is becoming increasingly complicated.

Dealing with intricate data environments 

The decision to focus on the cloud or multi-cloud environments is a part of the transformation being planned. Airlines are scrutinizing and even executing plans to embrace cloud transformation, banking on open-source offerings rather being bogged down by proprietary technology. Considering the complexity of the IT set up that this industry has, there are options available to integrate applications, data and processes across both on-premises and cloud environments. There are 3 models for cloud computing - Infrastructure as a Service, Platforms as a service and Software as a Service. Managing infrastructure and domain-specific IT systems for retailing, real-time data intelligence, running a digital asset on purpose-built, multi-cloud set up, payment optimization etc. are among the initiatives that airlines are undertaking to keep pace with their customers in digital economy.

But this shift is also being referred as a hurdle to working out apt data security action. This complexity is listed over other issues such as employee needs, budget issues and ensuring organizational go ahead.

The situation demands a thorough introspection. For instance, in order to ensure not even a single second of a shopper is wasted during the check-out phase, progress in this arena is being made in the form of regional cloud support, an initiative that can bridge the gap between an airline and a passenger irrespective of the location. So how such initiative would help? The fact that every second counts, payment specialists are curbing any delay in mobile load times. So it means every aspect of modern commerce needs to be studied in detail.

Recommendations from the report:

·          Cloud security must be seen as a shared security model between the enterprise customer and the PaaS, IaaS, or SaaS provider.

·          Enterprises must take on responsibility for ensuring data protections like encryption, tokenization, and masking within their environments or ensuring its protection when the data moves between SaaS applications or migrates to another application.

Other key findings listed in the report:

·          Concerns related to mobile payments include fraudsters using mobile payment apps for account takeover, new account fraud, exposure of PII, weak authentication protocols, and potential exposure of payment card information.

·          The main data security concerns around IoT include attacks on IoT devices, lack of frameworks and controls, and protecting sensitive data through encryption and tokenization.

·          Leading data security concerns regarding big data include sensitive data residing throughout the environment, data quality concerns, and privacy violations from internationally-originated data.

 

Hear from senior executives about data breaches at the upcoming ATPS (21st Century Customer Experience for Payments & Fraud - Airline & Travel Payments Summit) to be held in London (Brighton), UK  (7-9 May, 2019).

For more information, click here

Follow Ai on Twitter: @Ai_Connects_Us