The Secret to Stopping Human Error is Automating Cloud Governance
Solutions Review’s Premium Content Series is a collection of contributed articles written by industry experts in enterprise software categories. In this feature, ALTR CEO James Beecham offers commentary on how the secret to combating human error is automating cloud governance.
The White House has called for a major overhaul of its cloud computing systems, citing the existential threat of data breaches. The causes of data loss include misconfigured settings, human error, system failures, and malicious attacks by hackers and rogue nation-states. When privacy regulations cover 75 percent of the world, a breach has severe consequences. Data loss incidents can lead to financial loss, damage to reputation, and legal issues that could put organizations out of business or cost them the trust of stakeholders, investors, and customers.
Cloud and artificial intelligence (AI) technologies can facilitate work efficiency, but they put organizations at risk without proper data protection measures. Government regulation of cloud services can help mitigate the impact of human error, but it may not address the human tendency to take shortcuts. If we want to stop cloud data breaches, we should automate access controls.
The Problem is Not Really Human Error
Daily misconfiguration breaches used to plague public cloud service providers, but companies like AWS and Microsoft now help administrators understand when a misconfiguration might occur and alert users. Today, people rarely leave cloud or data center-delivered services open on the public Internet. But configuration mishaps and mistakes are caused not by ignorance but by human tendencies to prioritize speed and efficiency over thoroughness.
Government agencies may mandate changes to Infrastructure-as-a-Service (IaaS) offerings, but placing the security burden solely on cloud providers is a false hope. Every regulated industry continues to have problems. In healthcare, for example, HIPAA regulations have not prevented the loss of patient data. Earlier this year, the Department of Health and Human Services reported that healthcare data breaches grew from 2012 to 2021. Even with all these controls in place, human error and the desire to take shortcuts will still exist.
Security Automation is Essential
The flexibility and freedom of the cloud can lead its users to make unsafe decisions with their data and systems. Cybercriminals and hostile nation-states can use the scale, innovation, and flexibility of these technologies to launch attacks and hide from defenders. Bad actors don’t need to deliver secret information in person; they can simply send a message within a popular gaming site where millions of people are actively chatting and playing. Remember, Bin Laden used a Microsoft email server to hide his communications for years. Are we going to overhaul and regulate email servers?
Security must understand what the end-user wants to do, identify the manual tasks required, and perform those tasks for the end-user. For example, computers are very good at performing repetitive and detail-oriented tasks. A program can scan all the ports on a cloud firewall and report the open ones, allowing a human to take corrective action.
Big Data Demands Automated Access Controls
Automation is especially important in controlling access to sensitive information. Data that used to live in silos is being merged into a single pool. That’s good for business because an extensive database or repository makes it easier for analysts to run queries and gain insights from the accumulated data. It’s also bad because security must now replicate barriers and segment data within cloud platforms; it was easier to secure separated systems.
The complexity increases because people want direct access to information for work. It’s easy to add users and data when data sets are aggregated in a cloud-based platform like Snowflake. But you increase the risk of human error when you give users access to that data. An administrator could try to take a shortcut, such as granting access to the entire database, rather than limiting the permissions to a specific user or a specific data set.
We need automation to check what’s in place and respond quickly. For example, if an analyst makes a mistake when creating a new data model or user group, security should flag the problem. It should prompt the user to review the process or block steps if something doesn’t look right.
That’s fine for smaller organizations with dozens or hundreds of users. Large organizations must manage secure data access for thousands of users at a time. The need for “real-time” performance is greater. When a service slows down because of security features, the answer is usually to turn off security. It’s just another way to take a shortcut.
Scaling Data Governance and Protection
Automation eliminates these problems and provides the speed that data teams need. Some data governance platforms today allow data teams to classify data types, apply controls, and automatically block access as data moves into Snowflake. Role-based controls and masking policies ensure users have only the level of access they need to do their jobs. A marketing specialist may need a customer’s full email address, while an analyst needs to know how many people are using the Gmail domain.
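A sketch of the role-based masking described above, next to the database-wide shortcut mentioned earlier, written as Snowflake SQL. This is an added example, not code from the author or any vendor; the database SALES, schema CRM, table CUSTOMERS, its EMAIL column, and the roles MARKETING_SPECIALIST and ANALYST are all hypothetical names.

```sql
-- Added example. All object and role names are hypothetical.

-- The shortcut: read access to every table in the database.
-- GRANT SELECT ON ALL TABLES IN DATABASE sales TO ROLE analyst;

-- Scoped alternative: each role can read only the one table it needs.
GRANT USAGE ON DATABASE sales TO ROLE analyst;
GRANT USAGE ON SCHEMA sales.crm TO ROLE analyst;
GRANT SELECT ON TABLE sales.crm.customers TO ROLE analyst;

GRANT USAGE ON DATABASE sales TO ROLE marketing_specialist;
GRANT USAGE ON SCHEMA sales.crm TO ROLE marketing_specialist;
GRANT SELECT ON TABLE sales.crm.customers TO ROLE marketing_specialist;

-- Column-level masking: what a query returns depends on the active role.
CREATE OR REPLACE MASKING POLICY sales.crm.email_by_role
  AS (val STRING) RETURNS STRING ->
  CASE
    -- Marketing needs the full address to contact the customer.
    WHEN CURRENT_ROLE() = 'MARKETING_SPECIALIST' THEN val
    -- Analysts keep the domain; the local part is hidden.
    WHEN CURRENT_ROLE() = 'ANALYST'
      THEN CONCAT('*****@', SPLIT_PART(val, '@', 2))
    -- Every other role sees no part of the address.
    ELSE '*****'
  END;

ALTER TABLE sales.crm.customers
  MODIFY COLUMN email SET MASKING POLICY sales.crm.email_by_role;

-- Run as ANALYST: domain counts still work on the masked column.
SELECT SPLIT_PART(email, '@', 2) AS email_domain,
       COUNT(*)                  AS customer_count
FROM sales.crm.customers
GROUP BY email_domain
ORDER BY customer_count DESC;
```

Because the policy is attached to the column rather than to a view, the same table serves both roles and the masking cannot be bypassed by querying the table directly.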
Policies can set time or capacity limits on data access or restrict viewing to only a portion of a data set. When sensitive data is accessed, administrators can receive an alert and determine what data is being used, by whom, when, and how much. Just as fast, they can revoke privileges if an activity violates the policy. This automation scales governance, security, and privacy for organizations of all sizes.
Now more than ever, governments are holding companies accountable for the security of their data. As privacy regulations increase, automating governance at scale could mean the difference between profit and pain for organizations. Data teams would be far more successful if they could easily provide and manage access for many users at once to facilitate collaboration while preventing breaches. Sure, people can forget. But the best way to prevent mistakes and costly shortcuts isn’t more regulation: it’s making sure security is turned on when you need it.