Data Security Amid the Pandemic: Getting It Done vs. Doing It Right

There are decades where nothing happens; and there are weeks where decades happen

The lines above feel like a good description of the past year and a half.

Paradoxically, while most of us were locked away with little to no movement, enormous change was surging through the global infrastructure we were relying on. Industry experts claim that we vaulted almost five years forward in consumer and business digital adoption — in a matter of around eight weeks.

In the fall of 2019, most of us would have scoffed at anyone predicting such speed of tech adoption in the next seven months. Yet here we are.

Hasty Migration = Recipe for Data Security Risk

One of the prevalent topics of discussion among the C-Level executives is how quickly they had to respond to changing business requirements. The slow and steady model of carefully crafted pilots — after much research and experimentation — was swapped with the ‘make-do’ approach with what was available.

More so for the remote workers and road warriors. The respondents of a recent survey that featured 899 C-level executives and senior managers across multiple functionalities, verticals and regions stated that they were able to roll out new solutions almost 40X faster during the pandemic than they would have under normal circumstances.

Organizations took an average of 11 days to implement what their employees expected to have taken a year otherwise. If a fix could keep the business moving without breaking the law, it was greenlit.

The sheer pressure to keep the lights on left no time for lengthy planning cycles or comprehensive proof of concept testing. Businesses that had avoided risks were forced to strike compromises to get the job done. But at what cost?

More than half of such organizations found themselves firefighting as they were charged with introducing short-term fixes to tech-centric requirements. Nearly two-thirds agreed to have moved forward with data transfer projects that would have taken multiple rounds of considerations and work under the pre-pandemic conditions.

Let’s look at the top three activities that you might want to revisit and see if you got it right.

1. Rushed Cloud Adoption

Cloud migration undisputedly has been the face of change during the pandemic. However, speed and security are hard to balance for such operations. It’s always one at the cost of other.

Most businesses barely got any window for proper addressal of the security dependencies prior to deployment, picking whatever security solutions they considered were best of the breed. A good chunk of them were also under the impression that the onus of data security and compliance rests with the CSPs.

End result? A lot of issues were addressed on ad-hoc basis.

Numbers from a recent assessment state that 40% of the respondents observed a rise in cyber-attacks amid the pandemic, while 32% cited relying on their CSP’s security services to address security management for their assets in public clouds. So much for moving cloudward?

2. Data Security Got Left Behind

Hackers do not discriminate between the data that resides on-premises and the one in the cloud, and neither should you when it comes to data security. Data encryption is your most vital line of defense.

Most organizations built their tools and processes for data security with an on-premises approach. Eventually, when the data and applications leaped from the data centers to the cloud, data security often got left behind. To add to it, cloud migration happened at a much faster rate than cloud data security initiatives — given the sheer amount of data being generated across every sector.

If numbers are to be believed, an alarmingly low number of businesses encrypt all their data and backup in the cloud. Probably because encryption and key management can be a complex undertaking for many — given that skilled personnel with expertise in both cloud platforms and security are tough to find.

Nevertheless, with high profile companies such as Zoom getting fined a hefty $85 million for falsifying their sub-par encryption, it is safe to assume that businesses are waking up to the importance of it.

3. Key Management Got Lost in Translation

Key management (KM) also made to the list of overlooked activities — at least the ideal way of doing it. Businesses usually lean on multiple KM products that include but are not limited to key management software, hardware security modules (HSMs), homegrown solutions, and flat files.

However, the rise in the number of digital services led to an explosion in the volume of sensitive data collected by enterprises. That coupled with the shortage of skilled workforce, services, expertise, and awareness, led to a half-baked implementation of it.

Comprehensive key management guidance also remains a rarity.

KM in the post COVID world order needs to scale with the cloud, and most traditional HSMs are very static in nature to do so. Agility, availability, cloud service integrations are the bare minimums for a KMS, to begin with.

Is Your Data Security in Line with the Cloud-First Landscape?

Why are we so assertive towards an iterative approach to digitization? Primarily because it helps contain any potential compatibility issues with legacy data security solutions. Activities such as cloud migration are more prone to errors and inconsistencies when you jump the gun, and even more when they are backed by legacy systems that were never built for cloud compatibility.

Need of the hour is a data security solution that is built on cloud-first principles to help you thrive in a cloud first world.

That is precisely the value that Fortanix DSM SaaS brings to the table. A comprehensive data security solution delivered as a service. 

Fortanix DSM SaaS is a single integrated solution that includes every facet of data security including secure key management, tokenization, cloud key management, secrets management, encryption and HSM services — minus the infrastructural management and logistical hassles.

The first and only multicloud data security service certified to the rigorous FIPS 140-2 Level 3 security standard that covers all your data security use cases including: 

use cases

And much more — at the click of a button. 

I strongly encourage you to join our experts in an invite-only webinar as they discuss the industry trends and the importance of revisiting your data security strategy and adopt a much simpler, cost effective and easy to use SaaS based model.

You can read the datasheet here.

dsm saas

Share this post:

Get our blog updates in your inbox: