Handling sensitive data has always come with its challenges, but it certainly hasn’t gotten any easier in 2021
Organizations that center around confidential and privileged information – like law firms, financial services, accounting, and other knowledge worker-heavy businesses – continue to be popular targets for cybercriminals. It’s a safe bet that none of these organisations wants to become the “Colonial Pipeline” example within their own particular industry, getting temporarily crippled by ransomware and becoming a national poster child for just how damaging a breach can really be.
Alongside these ever-increasing concerns around protecting data from external bad actors, there is the rising danger of insider threats. Additionally, there is the added burden of ensuring that data is properly governed and in compliance with the numerous new laws and regulations that are the hallmark of highly regulated industries.
It’s increasingly clear that cloud automation must be a key part of the cloud service providers in these knowledge work sectors. Why? Because live customer data must never be compromised, and automation is a way towards that goal.
Automating Out the Weak Link
An old productivity axiom tells us that “If you have to do anything more than once, automate it”, but automation has an equally important role to play on the security side of things.
Here’s why: In recent years, the zero trust security model has become a foundational aspect of many cloud service providers. At its heart, zero trust is the idea that the best way to secure a network is to assume absolutely no level of trust. The zero trust security framework challenges the idea of trust in any form, and that includes trust of networks, trust between host and applications, and even trust of super users or administrators.
So far, so good. But here’s where we run into a bit of a problem: A zero trust framework is only as good as the number of people who have direct access to sensitive data and the ability to “lay hands” on the information.
This means that more than just having a zero trust framework, there needs to be a strong emphasis on zero touch – and automation is a way to achieve that.
Take Risk Off the Table
New forms of automation help remove the human from the equation so that there is no way to access sensitive customer data, creating a “hands free” zero touch environment.
For example, server patching and server maintenance are routine aspects of keeping a cloud operational, secure, and performant. There is no good reason why these functions shouldn’t be automated, since they are done on such a regular basis.
While having a super user or administrator go into the system manually to do some troubleshooting or run a patch is certainly possible – and likely a low risk scenario – why not take risk off the table entirely by automating that process?
Likewise, if a customer routinely needs to collect information on their data – perhaps at the end of every quarter, for reporting purposes – why not develop a forensic app or tool that can be pushed into the production environment to gather the data? Not only does this streamline the task through automation, it removes the security risk of having an admin use a keyboard to manually run queries against the customer data.
As long as there is a human being who has hands-on access to the servers where services are running and customer data is located, there will be a potential for security issues, which only strengthens the case for an automated zero touch approach.
Just One Question
So, why don’t more organisations take advantage of this automation? In many cases, the key culprit is a lack of investment in the necessary tools by cloud service providers. Simply put, a zero touch approach is not something that can be retroactively bolted onto a cloud. The cloud has to have been specifically designed and architected with zero touch in mind – and not all cloud service providers had that foresight when designing their cloud platforms.
It’s a shame, because there are many advantages to this automated approach beyond security. Namely, it spurs greater organisational efficiency and enables IT to devote more of their time towards innovation, which in turn benefits the customers they serve.
For legal, financial services, accounting, and other professional services organisations who desire not just greater security for their data, but greater innovation on the part of the vendors they do business with, then, there is really just one fundamental question they should ask: Is automation part of their cloud service provider’s toolkit?
The answer to that question should provide clarity and guide the way they move forward in an increasingly complex and challenging landscape.
About the Author
Chris RuBert joined iManage in 1999 and heads up iManage cloud operations, service delivery, and global support. iManage is the company dedicated to Making Knowledge Work. Its intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business content and communications.
Featured image: ©FunTap