Aggregating & Auditing Data from Multiple Cloud Services Using a DCAP Solution

By Danny Murphy | 11.26.2018 | Auditing

According to a recent report by rightscale.com, 93% of organizations are using cloud computing in some form or another. This is hardly surprising, as cloud solutions are becoming increasingly affordable and easier to use.

These days, companies can actually save money by switching to the cloud, as they don’t need to manage and maintain their own infrastructure, which would require hiring a specialized technical support team. Businesses can benefit from the flexible payment options, and any additional resources can be added or removed, as and when required.

Cloud computing facilitates better collaboration between team members, allowing them to edit the same files from anywhere in the world.

One particular concern that discouraged organizations from using cloud-based services was that they had to trust a third party with their sensitive data. Technically speaking, this is still the case. However, regardless of where sensitive data resides, it should always be encrypted – both at rest and in transit. Given how easy it is to encrypt data with the tools that are available, the use of cloud-based solutions may even encourage better security practices.

First Things First

Before we talk about auditing data in the cloud, it is worth highlighting the importance of using data discovery and classification tools to streamline the process of migrating existing data to the cloud.

After all, most companies already have large amounts of sensitive information stored on their local network, and this data will need to be ported across to the cloud in a secure and efficient manner. It is unlikely that companies are going to want to port all of their data in one go. As such, they will need to establish a process by which to transfer their assets incrementally.

Assuming they haven’t already done so, they will need to discover and classify all of their data, to ensure that they know exactly what data belongs where. There are a number of discovery and classification tools available that can automate the discovery/classification process. Additionally, data loss prevention (DLP) solutions can be used to prevent unencrypted sensitive data from leaving the network.

Auditing in the Cloud

Historically, cloud-based solutions offered very limited native auditing capabilities, although such capabilities have greatly improved in recent times. For example, Amazon Macie – launched in 2017 – uses machine learning to discover and classify sensitive data, as well as identify access and authentication patterns.

This is great news; however, companies are still faced with a conundrum. Most organizations use more than one cloud solution, and having to keep track of who made what changes, where and when, across multiple cloud platforms makes it a lot harder for companies to gain the visibility they need to secure their data.

Not only that, but most cloud platforms do not provide real-time alerts and customizable reports – a necessary requirement for most data protection regulations. Dropbox provides businesses with an audit trail of how data is used over time, via an admin dashboard. It can provide basic information about active members, devices used, links shared and folders that have been accessed in the last 28 days. It can provide basic information about files that were updated or deleted, but not accessed or downloaded.

For companies that store sensitive documents in Dropbox, such limited auditing capabilities will simply not suffice. However, as with most popular web-based solutions, Dropbox provides application developers with an API (Application Programming Interface). Using the Dropbox API, developers can see which files were created, accessed, updated and deleted, and by whom, where and when. This allows third-party cloud auditing solutions to provide a more detailed security audit, with more advanced features.

Whichever way you look at it, businesses that use multiple platforms, such as AWS, Dropbox, Office 365, OneDrive, and so on, are going to need a Data-Centric Audit & Protection solution that can aggregate and correlate event logs from multiple sources, display a summary of changes via a single intuitive console, and provide real-time alerts and detailed reports.
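The aggregation and correlation step described above, sketched in Python as an added example (not code from the original article or from any vendor's product): two feeds are normalized into a common who/what/where/when record, and one cross-platform alert rule runs over the merged trail. The event records, their field names and the 10-minute window are constructed assumptions; real provider logs use their own schemas and must be mapped in the same way.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events. Field names are simplified assumptions, not real exports.
AWS_EVENTS = [
    {"time": "2018-11-26T10:00:05Z", "user": "Alice@example.com", "ip": "198.51.100.7",
     "action": "GetObject", "bucket": "hr-data", "key": "payroll.xlsx"},
    {"time": "2018-11-26T10:02:00Z", "user": "bob@example.com", "ip": "203.0.113.9",
     "action": "DeleteObject", "bucket": "hr-data", "key": "contracts.zip"},
]
DROPBOX_EVENTS = [
    {"timestamp": "2018-11-26T10:06:30Z", "actor_email": "bob@example.com",
     "ip_address": "203.0.113.9", "event_type": "file_delete", "path": "/Legal/nda.pdf"},
    {"timestamp": "2018-11-26T11:00:00Z", "actor_email": "alice@example.com",
     "ip_address": "198.51.100.7", "event_type": "file_download", "path": "/HR/plan.docx"},
]
# Map each platform's action names onto one shared vocabulary.
ACTIONS = {"GetObject": "access", "PutObject": "update", "DeleteObject": "delete",
           "file_download": "access", "file_edit": "update", "file_delete": "delete"}

def _event(source, who, action, obj, where, when):  # common who/what/where/when record
    return {"source": source, "who": who.lower(), "what": ACTIONS.get(action, "other"),
            "object": obj, "where": where,
            "when": datetime.strptime(when, "%Y-%m-%dT%H:%M:%SZ")}

def aggregate(aws=AWS_EVENTS, dropbox=DROPBOX_EVENTS):
    """Normalize both feeds and merge them into one time-ordered trail."""
    events = [_event("aws", e["user"], e["action"], f'{e["bucket"]}/{e["key"]}',
                     e["ip"], e["time"]) for e in aws]
    events += [_event("dropbox", e["actor_email"], e["event_type"], e["path"],
                      e["ip_address"], e["timestamp"]) for e in dropbox]
    return sorted(events, key=lambda ev: ev["when"])

def cross_platform_deletes(events, window=timedelta(minutes=10)):
    """Alert when one user deletes data on more than one platform within `window`."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["what"] == "delete":
            by_user[ev["who"]].append(ev)
    alerts = []
    for who, dels in by_user.items():  # dels keeps the trail's time order
        for i, first in enumerate(dels):
            sources = {d["source"] for d in dels[i:] if d["when"] - first["when"] <= window}
            if len(sources) > 1:
                alerts.append((who, sorted(sources)))
                break
    return alerts

if __name__ == "__main__":
    print(cross_platform_deletes(aggregate()))
```

Neither platform's log on its own shows more than a single deletion by this user; the pattern only appears once both feeds share one schema and one timeline.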