COMMENT
In 2023, important data privacy regulations and laws have developed at the federal, state, and international levels. The US Federal Trade Commission has taken a comprehensive approach to safeguarding health, biometric and children’s data; seven US states have adopted privacy laws; and the European Commission has adopted the EU-US data privacy framework to regulate data flows from the European Union to the United States.
To meet these standards, businesses must evaluate their data privacy policies and improve safety where necessary. This includes reviewing data storage strategies, securing access to external networks, and implementing data plane security techniques.
Review data storage strategies
A solid data storage strategy involves two key elements: data retention and access control. Companies should establish data retention policies that store information for the shortest time possible: keep data only for as long as legally necessary and then delete it securely.
While many organizations choose to retain valuable data indefinitely, it is important to determine what data to delete after the retention period ends. Non-critical or obsolete data that serves no purpose should be deleted to manage data efficiently and keep storage systems orderly.
To effectively manage data retention, ask yourself whether specific data needs to be retained and whether data needs to be anonymized to improve security (even when it is not required by law). Answering these questions helps identify and eliminate outdated or redundant data, preventing misinformation that could lead to biased decision making. Regularly reviewing your stored data can help you maintain responsible data retention practices.
Controlling how data is accessed and by whom is just as important as how it is stored. To prevent unauthorized access, implement the following best practices:
- Apply role-based access controls to identify, verify, and authorize users based on their organizational access levels.
- Monitor and log data access, tracking who accesses what information and when.
- Adhere to strong password policies and ensure users never share credentials.
- Implement least-privilege and just-in-time access.
- Automatically revoke user permissions after task completion.
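The following Go example, added here and not part of the original article, shows role-based checks, just-in-time grants that expire on their own, and an access log working together. The role names, actions and the Broker type are hypothetical.

```go
package main

import (
	"fmt"
	"time"
)

// rolePerms is a hypothetical role map; each role lists only the actions it needs.
var rolePerms = map[string]map[string]bool{
	"analyst": {"read:reports": true},
	"dba":     {"read:customers": true, "delete:customers": true},
}

type grant struct{ role string; expires time.Time }

// Broker issues time-boxed role grants and logs every access decision.
type Broker struct {
	grants map[string]grant // user -> current just-in-time grant
	Audit  []string         // who asked for what, when, and the outcome
}

func NewBroker() *Broker { return &Broker{grants: map[string]grant{}} }

// Grant gives user a role for ttl only (just-in-time access).
func (b *Broker) Grant(user, role string, now time.Time, ttl time.Duration) {
	b.grants[user] = grant{role, now.Add(ttl)}
}

// Revoke drops the grant early, for example when the task is reported complete.
func (b *Broker) Revoke(user string) { delete(b.grants, user) }

// Allowed checks the action against the user's live grant and logs the result.
func (b *Broker) Allowed(user, action string, now time.Time) bool {
	g, ok := b.grants[user]
	if ok && !now.Before(g.expires) {
		delete(b.grants, user) // expired: revoke automatically
		ok = false
	}
	allowed := ok && rolePerms[g.role][action]
	b.Audit = append(b.Audit, fmt.Sprintf("%s %s %s allowed=%t", now.Format(time.RFC3339), user, action, allowed))
	return allowed
}

func main() {
	b, t0 := NewBroker(), time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC)
	b.Grant("alice", "dba", t0, 30*time.Minute)
	// First call is inside the 30-minute window, second is after the grant expired.
	fmt.Println(b.Allowed("alice", "delete:customers", t0.Add(10*time.Minute)), b.Allowed("alice", "delete:customers", t0.Add(31*time.Minute)))
}
```

Denied requests are logged as well as allowed ones, so the audit trail also shows attempts made after a grant has lapsed.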
Organizations must continually evaluate their storage strategies to maintain the integrity and security of stored data. Balancing the need for data retention with strong access controls safeguards sensitive information and promotes trust and reliability in data management practices.
Secure access to external networks
Businesses often need to grant data access to various Software-as-a-Service (SaaS) products to improve data processing and analysis for informed decision making. However, some may hesitate to do so for data security reasons. To meet security and compliance standards, businesses need both complete control over their data and a secure method to grant access to their network.
To solve this problem, an architecture known as “bring your own cloud” (BYOC) has emerged. BYOC allows companies to implement the data plane of a vendor’s software stack within their own environment. This eliminates the need to send data to a third-party vendor’s cloud for processing, reducing your attack surface and keeping data security in your control. Meanwhile, the control plane manages the back-end services and operates within the provider’s cloud environment. To achieve a high level of security, use application programming interfaces (APIs) to establish secure connections to the BYOC data plane.
However, BYOC presents some challenges. Enterprises are often reluctant to open inbound ports and make configuration changes to virtual private networks (VPNs), virtual private cloud (VPC) peering, private link services, and firewalls to grant vendors access to the BYOC data plane on their networks. Such changes require extensive security reviews and approval from various stakeholders, including the company’s NetOps and SecOps teams, which often takes weeks or months to complete.
To simplify network access, providers must connect securely without requiring companies to change network configurations. To achieve this, they must define access to data planes with clear authentication policies, including mutual Transport Layer Security (mTLS), Internet Protocol (IP) restrictions, OAuth authentication, SAML, OpenID Connect, and JSON Web Token (JWT). Additionally, they must ensure that companies limit network access to authorized traffic from their environments.
Implement data plane security techniques
The data plane processes and forwards data packets within and between cloud environments. It efficiently manages packet forwarding, routing decisions, and data flow across the network to meet the needs of cloud applications. Strong security measures are needed within the data plane to prevent data breaches and unauthorized access. Encryption, an intrusion detection system (IDS), and packet-level authentication (PLA) are three critical security measures that help maintain data integrity and confidentiality in cloud networking.
Encryption is a crucial security measure that makes data accessible only to those who have the correct encryption key. Encrypting data keeps it confidential during transmission within cloud networks and protects it from unauthorized access attempts.
An IDS monitors network traffic and identifies potential threats by analyzing patterns and behaviors in network activity and promptly alerting administrators to suspicious activity. To accomplish this task, it can use predefined signatures to identify known patterns of malicious activity or anomaly detection to identify deviations from normal network behavior, enabling rapid responses to protect data.
PLA uses public key cryptography to digitally sign large streams of data, allowing network nodes to verify the authenticity of packets, even if they have no pre-established trust association with the sender. It prevents potential network damage by quickly detecting and discarding modified, delayed, or duplicate packets.
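The following Go example, added here and not part of the original article, shows a node checking signed packets and discarding modified, delayed and duplicate ones. The packet layout, the five-second freshness window and all names are assumptions for illustration, not the PLA wire format, and the check that the sender's key is itself vouched for is left out.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"time"
)

// Packet is a simplified layout assumed for this example, not the PLA wire format.
type Packet struct {
	Sender       ed25519.PublicKey // travels with the packet: no shared secret needed
	Seq, SentAt  uint64            // sequence number (starts at 1), Unix seconds
	Payload, Sig []byte
}

// signedBytes is what the signature covers: fixed-width seq and timestamp, then payload.
func signedBytes(p Packet) []byte {
	return append([]byte(fmt.Sprintf("%020d%020d", p.Seq, p.SentAt)), p.Payload...)
}

// Sign builds a packet and signs it with the sender's private key.
func Sign(priv ed25519.PrivateKey, seq uint64, at time.Time, payload []byte) Packet {
	p := Packet{Sender: priv.Public().(ed25519.PublicKey), Seq: seq, SentAt: uint64(at.Unix()), Payload: payload}
	p.Sig = ed25519.Sign(priv, signedBytes(p))
	return p
}

// Verifier holds a node's replay state: highest sequence number accepted per sender key.
type Verifier map[string]uint64
const maxAge = 5 * time.Second // hypothetical freshness window

// Check returns "ok" or the reason the node should discard the packet.
func (v Verifier) Check(p Packet, now time.Time) string {
	switch {
	case len(p.Sender) != ed25519.PublicKeySize || !ed25519.Verify(p.Sender, signedBytes(p), p.Sig):
		return "modified"
	case now.Sub(time.Unix(int64(p.SentAt), 0)) > maxAge:
		return "delayed"
	case p.Seq <= v[string(p.Sender)]:
		return "duplicate"
	}
	v[string(p.Sender)] = p.Seq // only authenticated, fresh packets update state
	return "ok"
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	p, v := Sign(priv, 1, time.Now(), []byte("constructed payload")), Verifier{}
	fmt.Println(v.Check(p, time.Now()), v.Check(p, time.Now())) // first accepted, replay discarded
}
```

The signature is checked before the timestamp and sequence number are consulted, so a forged packet can never advance the replay state for a sender.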
Meet data privacy challenges head on
Compliance with regulatory changes will remain a top priority for organizations as these regulations evolve. Gartner projects that by 2025, privacy regulations will expand to cover the personal data of 75% of the world’s population. To adapt to this changing landscape, companies must take proactive steps to improve the security of their data. Using secure data storage strategies, hardening access points to external networks, and implementing data plane security techniques can bring them into compliance and future-proof their data privacy efforts.