Missed our recent webinar? An on-demand recording of “Pillars of Cloud Security: Locking Down Crown-Jewel Data in the Public Cloud” is now available.
On June 25, we hosted a webinar with Eric Kedrosky, Director of Cloud Security Research and CISO of Sonrai Security, and Dan Woods, Principal Analyst at Early Adopter Research. Our cloud experts offered best practices for you to secure and lock down your crown jewel data in the public cloud.
This webinar is part of a series covering four cloud security principles:
- Get to and maintain least privilege. Eliminate all identity risks in your cloud.
- Lock down your “crown-jewel” data
- Shift left by integrating your security, cloud, audit, IAM, and DevOps teams
- Prevent and fix problems fast
As organizations move to modern cloud environments, each of these principles becomes important for protecting data and identities in the public cloud.
What is “crown-jewel” data?
Every organization has data that is vital to its growth. An organization’s “crown jewels” are the assets of such value that their compromise would cause major business impact; that impact is not limited to a data breach. Crown-jewel data might include:
- Customer data which is used by the organization
- Business-critical documents, including strategic plans and agreements
- Documents or information subject to regulation, such as PII under privacy law, protected health information under HIPAA, cardholder data under PCI DSS, and more
- Intellectual property (IP), such as product designs, technical specifications, and patent information
More data now lives in the cloud, and identities have become the new perimeter around it. That is why organizations increasingly treat their data as the crown jewel.
Why you should worry about sensitive data
Organizations must ensure that their sensitive data is always protected. Reducing risk, protecting crown-jewels and getting unprecedented coverage and visibility across your enterprise environment is challenging.
There is unacceptable, and invisible, risk related to identities. The ability to create dynamic workloads and access to resources is extremely powerful. It is the basis for cloud-native computing and it comes with tremendous complexity and risk. Tens of thousands of identities and thousands of roles are commonplace. You should ask yourself, “Do I know what each one truly has access to?”
Protecting your crown jewels is important, and exposed AWS S3 buckets are just the tip of the iceberg. Your DevOps teams build workloads on a plethora of purpose-fit data stores such as RDS, DynamoDB, CosmosDB, and many others, so your most precious crown jewels end up spread across a variety of locations. You should ask yourself, “Am I sure I know where all our data is?”
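The two questions above (“Do I know what each identity truly has access to?” and “Do I know where all our data is?”) can be given a first, rough answer offline. The script below is an added example, not Sonrai’s code or anything from the webinar: it evaluates a handful of constructed IAM identity policies against one “crown-jewel” S3 object, applying the core IAM rule that an explicit Deny beats any Allow, and it flags Allow statements that grant a whole data service (or everything) on `Resource: "*"`. The role names, bucket, and policy documents are all invented for the example. It deliberately ignores resource policies, SCPs, permission boundaries, `Condition` blocks and `NotAction`/`NotResource`, so a “yes” here is a lower bound on what AWS would actually authorize; for an authoritative answer use the IAM policy simulator (`SimulatePrincipalPolicy`) or IAM Access Analyzer.

```python
"""Offline least-privilege check for identity-based IAM policies.

Added example (not Sonrai's code). Only identity policies are evaluated;
resource policies, SCPs, permission boundaries, Condition, NotAction and
NotResource are ignored, so results are a lower bound on real access.
"""
import fnmatch

# Constructed sample: four roles with inline policies (not from a real account).
ROLE_POLICIES = {
    "analytics-role": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::crown-jewels-finance",
                         "arn:aws:s3:::crown-jewels-finance/*"],
        }],
    },
    "ci-deploy-role": {  # typical over-broad "just make the pipeline work" grant
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
    },
    "support-role": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                       "Resource": "arn:aws:s3:::public-assets/*"}],
    },
    "audit-role": {  # admin-style Allow, fenced off from the crown jewels by a Deny
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"},
            {"Effect": "Deny", "Action": "s3:GetObject",
             "Resource": "arn:aws:s3:::crown-jewels-finance/*"},
        ],
    },
}

# Constructed crown-jewel object used for the check.
CROWN_JEWEL_OBJECT = "arn:aws:s3:::crown-jewels-finance/q3-forecast.xlsx"

# Services that hold data in this example; extend for your own estate.
DATA_SERVICES = ("s3", "dynamodb", "rds", "rds-data", "secretsmanager")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource):
    """True if the statement's Action and Resource globs both cover the request.

    IAM actions are case-insensitive and use '*' / '?' wildcards; fnmatchcase
    gives the same glob semantics ('*' also matches across '/').
    """
    act_ok = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                 for p in _as_list(stmt.get("Action")))
    res_ok = any(fnmatch.fnmatchcase(resource, p)
                 for p in _as_list(stmt.get("Resource")))
    return act_ok and res_ok


def evaluate(policy, action, resource):
    """Return 'allow', 'deny' (explicit) or 'implicit-deny' for one policy."""
    decision = "implicit-deny"
    for stmt in _as_list(policy.get("Statement")):
        if not _statement_matches(stmt, action, resource):
            continue
        if stmt.get("Effect") == "Deny":
            return "deny"  # an explicit Deny overrides every Allow
        if stmt.get("Effect") == "Allow":
            decision = "allow"
    return decision


def roles_with_access(role_policies, action, resource):
    """Sorted list of roles whose identity policy allows action on resource."""
    return sorted(role for role, policy in role_policies.items()
                  if evaluate(policy, action, resource) == "allow")


def overly_broad_statements(role_policies):
    """(role, statement index, action) for Allow grants of a whole data service,
    or of '*', on Resource '*'. These are the least-privilege findings to fix."""
    findings = []
    for role, policy in role_policies.items():
        for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
            if stmt.get("Effect") != "Allow" or "*" not in _as_list(stmt.get("Resource")):
                continue
            for act in _as_list(stmt.get("Action")):
                service, _, verb = act.partition(":")
                if act == "*" or (service.lower() in DATA_SERVICES and verb == "*"):
                    findings.append((role, idx, act))
    return findings


if __name__ == "__main__":
    print("Can read", CROWN_JEWEL_OBJECT, "->",
          roles_with_access(ROLE_POLICIES, "s3:GetObject", CROWN_JEWEL_OBJECT))
    for role, idx, act in overly_broad_statements(ROLE_POLICIES):
        print(f"over-broad: {role} statement[{idx}] allows {act} on *")
```

On the sample, only `analytics-role` and `ci-deploy-role` can read the forecast: `support-role` never gets an Allow for that bucket, and `audit-role` is stopped by its explicit Deny even though it also holds `Action: "*"`. The broadness check flags both `ci-deploy-role` (`s3:*` on `*`) and `audit-role` (`*` on `*`), which is the point: a role can be over-privileged even when a Deny happens to protect one particular object.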
We see companies struggle with the complexity of coordinating between their security, cloud, audit, and DevOps teams. First-generation tooling floods the wrong teams with alerts they do not know what to do with.
When you do find something, you need to fix it fast. That requires visibility across all of your clouds and into the components around them, such as a HashiCorp Vault secret store.
Who is responsible for data in the cloud?
The simple answer: you are responsible for securing your data in the cloud. Period.
In terms of base configurations, services and features, CSPs have really come a long way to help you secure your data. Ultimately, it is up to your organization to properly implement, configure and add controls to those cloud configurations to protect your data.
Security and compliance are a shared responsibility between the CSP and the customer. The shared model relieves part of your operational burden, because the CSP operates, manages, and controls everything from the host operating system and virtualization layer down to the physical security of the facilities in which the service runs; what you put in those services, and who can reach it, remains yours to secure.
Watch the hour-long webinar for answers to the questions above and to these:
- What is the best way to discover and secure “crown-jewel data”?
- Does classification matter for identities and data?
- How can preventive controls help?
- What is the best way to “lock down” access?
- How can you extend monitoring to all data, resources, and microservices?
- What are some real-world examples of success (and failure)?
Sonrai Security can help.
Focused on identity and data protection inside AWS, Azure, and Google Cloud, Sonrai Dig is an enterprise cloud security platform built to protect your highest-priority data. Sonrai Dig shows you every way data has been accessed in the past and can be accessed in the future, including activity and movement across cloud accounts, cloud providers, and third-party data stores, and builds from that a complete risk model of all identity and data relationships to support your data governance practices.
Sonrai Security helps you protect the crown jewels by continuously monitoring critical data inside object stores and databases. You can always see where your data is, how it is classified, what has access to it, what has actually accessed it and from where, and what has changed in your cloud. Sonrai Security also supports identity security and identity and access management across your public cloud.