Cloud Data Privacy and Security Challenges Part 5: Cloud Data Privacy & Security Best Practices

- by David Loshin, Expert in Data Management

This roadmap would be incomplete without suggesting guidelines and best practices for enhancing organizational cloud data security and supporting compliance with data protection and data privacy laws. Addressing the enumerated challenges requires a combination of processes and technologies that support operational tactics for monitoring auditable compliance. These best practices include (but are not necessarily limited to): 

  • Establish a data governance framework: Institute a data governance framework that supports the management of standardized definitions, the specification of data policies governing observance of the data privacy laws, and the operationalization of data policy compliance. This framework helps bridge the gaps between the business data consumers, the legal and compliance teams, and the data management practitioners.
  • Assess compliance directives: Every organization must be aware of the extent of its responsibilities for the regulatory protection of personal information. The data management team must work with the legal and compliance team to identify the privacy laws the organization needs to comply with and to survey the scope of the directives embedded within those laws that affect operational data protection.
  • Clarify definitions: Because of the variation in the terms and their definitions across different data privacy laws, it is critical to maintain precision and accuracy to ensure that the right information is being protected. Scrutinize the key data concepts and how they are defined within the laws. Establish a repository of terms along with their definitions that can be shared among all the data practitioners and the business data consumers. 
  • Devise sensitive data classifications: A data element that is protected under one law might not be subject to protection under a different law. At the same time, some laws may differentiate between “personal” data and “private” data (and require different treatments of those data concepts). Provide specifications and standards for classifications of different types of sensitive data covered under each of the source laws and link those classifications to the contexts and actions associated with the corresponding source compliance directives.
  • Classify data assets: Devising a classification scheme can simplify the ways that data protection can be enforced. For example, assigning a classification of “GDPR-private” to a column in a specific database indicates that the database column’s contents are protected under GDPR. Survey the details of the data landscape and classify data elements and data assets according to the defined classification schemes. 
  • Define data protection policies: A logical formalism for defining data protection policies allows your organization to translate those logical policies into the formats required by target systems (such as an RDBMS, a NoSQL data environment, or a cloud-based data warehouse). Work with database vendors and cloud computing providers to determine the best way to implement logical data policies within their operating frameworks.
  • Minimize data capture: The more data that is collected, the greater the risk of inadvertent exposure. If possible, limit data collection and data persistence to those data items that are necessary. 
  • Compose methods of data access control: Establish a control framework for accessing protected information and limiting access to authorized data consumers. The traditional approaches such as role-based access control (RBAC) have streamlined data protection by restricting access based on assigned roles. However, the classification schemes for data sensitivity can be adapted to employ attribute-based access control (ABAC), in which role privileges are mapped according to classification attributes and tags. Mapping roles to data classifications simplifies ongoing management of access control privileges, especially as individuals take on different roles within the organization. 
  • De-identify data: Unauthorized viewing of sensitive data attributes can be mitigated by de-identifying the data, either through masking and anonymization (in which the values are irreversibly transformed into unreadable characters) or through encryption (a transformation that can be reversed using an encryption key). Masking or encrypting data at rest within cloud data stores or in motion across cloud data pipelines helps to reduce the risk of inadvertent exposure.
  • Leverage native identity access management: Cloud service providers have native identity management processes for authentication and assigning access privileges that can provide an additional layer of protection.
  • Perform vulnerability assessment: Assess systemic vulnerabilities using penetration testing. Identify susceptibility to breach or exposure and work with the cybersecurity team to harden the environment as much as possible.  
  • Educate your staff: Provide regular training on critical aspects of each individual’s role in protecting sensitive data.
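As an added illustration of three of the practices above (classifying columns with tags such as "GDPR-private", mapping those tags to attribute-based access decisions, and masking values for consumers who are not cleared), here is a small Python example. It is not code from the original article; the catalog, the policy, the column names, the purposes and the masking key are all constructed placeholders.

```python
import hmac
import hashlib

# Constructed sample catalog: fully qualified column -> set of sensitivity classifications.
# Tagging a column "GDPR-private" records that its contents are protected under GDPR.
CATALOG = {
    "customers.email":   {"GDPR-private"},
    "customers.ssn":     {"GDPR-private", "CCPA-private"},
    "customers.country": set(),
    "orders.total":      set(),
}

# Constructed ABAC policy: to read a classification in the clear, the subject must hold a
# matching clearance attribute AND declare a purpose that the policy permits for that tag.
POLICY = {
    "GDPR-private": {"purposes": {"customer-support", "fraud-review"}},
    "CCPA-private": {"purposes": {"customer-support"}},
}

MASK_KEY = b"placeholder-secret-kept-in-a-kms"  # constructed secret for the keyed masking hash


def decide(column, subject):
    """Return 'clear' when the subject's attributes satisfy every classification on the
    column, otherwise 'mask'. Columns with no classification are always readable."""
    for tag in CATALOG[column]:
        if tag not in subject["clearances"] or subject["purpose"] not in POLICY[tag]["purposes"]:
            return "mask"
    return "clear"


def mask(value):
    """Irreversible de-identification: a keyed SHA-256 of the value, truncated to a token.
    Equal inputs give equal tokens (joins still work), a hash has no inverse, and the key
    stops anyone without it from rebuilding a value-to-token table."""
    digest = hmac.new(MASK_KEY, str(value).encode(), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def read_row(row, subject):
    """Apply the per-column decision to a row before it leaves the data store."""
    return {col: (val if decide(col, subject) == "clear" else mask(val))
            for col, val in row.items()}


if __name__ == "__main__":
    row = {"customers.email": "ana@example.com", "customers.ssn": "123-45-6789",
           "customers.country": "PT", "orders.total": 42.50}
    agent = {"clearances": {"GDPR-private", "CCPA-private"}, "purpose": "customer-support"}
    analyst = {"clearances": set(), "purpose": "marketing-analytics"}
    print(read_row(row, agent))    # all columns in the clear
    print(read_row(row, analyst))  # email and ssn replaced by tok_... values
```

Because the decision is keyed on classification tags rather than on individual roles, reassigning a person only changes their attributes, not the policy, which is the management simplification the ABAC bullet describes.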