Houston, We Have a Public Cloud Problem

Nice to meet you all. I’m Ido Livneh, VP, Product at Laminar. I have been spending most of my time this year speaking with CISOs, CDOs (Chief Data Officers) and data protection leaders about their challenges in protecting data in modern public cloud environments, and I found some common themes that almost everyone is struggling with.a. The central issue reminds me of the Apollo 13 line, “Houston, we have a problem.” In this case, it’s data protection in the public cloud. Old workflows and solutions just don’t cut it anymore as the environment has changed.This key challenge led us to focus on an extremely valuable and novel solution for our customers.

We have benefited tremendously from our investor Insight Partners’ program — Insight IGNITE — which introduced us to hundreds of security and data protection decision makers. Speaking with these experts allowed us to validate the problem and solution. To perfect the product market fit, we wanted to utilize research and verification — not haphazard guessing. Which fits so well with another Apollo 13 quote by fight controller Gene Kranz, “Let’s work the problem, people, Let’s not make things worse by guessing.”

“Let’s work the problem ,people, let’s not make things worse by guessing”

Gene Kranz, flight controller, Apollo 13

Data is at the center of the cloud transformation

Enterprises now put data at the center of innovation. They understand that it is a key asset and a source of differentiation. They democratize it to unleash its full potential and make it accessible for developers and data scientists. Today, innovation happens in the cloud, and new applications run on cloud infrastructure. 

This cloud transformation is great for the business, but it also introduces significant changes to cybersecurity risks, workflows, and acceptable solutions. Recently, a train of Cloud Security Posture Management (CSPM) solutions addressed these changes for the actual infrastructure, the VMs, the boxes, etc. However, overwhelmingly, we found that data protection teams were left behind. The solutions they use and the manual processes they follow haven’t adjusted to this new environment, which makes their work much more challenging than ever before. Most data protection teams are blind to what sensitive data they have in the public cloud.

How the public cloud changed data protection

There are four major factors that significantly changed data protection in public clouds:

• A sprawl of tech and high complexity
  
  There are dozens of technologies to store, use, and share data in the cloud. They can be managed by the cloud service provider (AWS S3 buckets, Google Cloud Storage, Azure Blob Storage, etc.), IT (AWS RDS), and even developers or DevOps (database that runs on an EC2 or a Kubernetes node). Each one is configured and used differently. Each one introduces new risks. Not only are these new architectures complex and confusing, they are dynamic and constantly changing. Developers are now in charge and can spin up or copy an existing datastore in a matter of minutes.
• Data protection teams as business enablers
  
  Modern data protection teams don’t stop developers from making changes. They set guardrails to allow fewer mistakes. They do fewer architecture reviews as gatekeepers and more continuous monitoring and risk assessments as stewards. Therefore, data protection teams no longer assume they know where all the data is, but rather they are looking for a solution that allows continuous and automated discovery and classification.
• Data democratization and the pace of change
  
  Changes to the data are pushed to production at an astonishing pace. More and more developers and data scientists leverage data every day. This makes manual efforts ineffective. By the time they are completed, they are no longer true.
• No perimeter
  
  All data in the cloud is accessible from anywhere, given the right credentials or tokens. There’s no longer a single choke point to protect and monitor. Any data leak detection should be distributed and cover all channels of egress and the entire public cloud.

No visibility, context, accountability, or leak detection

The lack of proper solutions to address those changes made the work of data protection teams harder than ever before. They have limited resources to handle the increasing data risk, yet answering data protection questions is only getting harder. This can be split into four main problems:

• Lack of visibility: where’s my sensitive data? Who has access? How is it configured?
• Lack of context: what is this data? How did it get there? How is it used?
• Lack of accountability: who made these changes? Who is the process owner?
• Lack of leak detection: are my policies being followed? Are there any anomalies in data access and sharing?

“Be thankful for problems. If they were less difficult, someone with less ability might have your job”

Jim Lovell, Apollo 13 astronaut

A three-step approach towards public cloud data protection

These problems inevitably result in exponential growth of data leakage incidents in the public cloud. IDC recently reported 98% of all companies experience a cloud data breach within the past 18 months. Data policies are violated. Ensuring data privacy and compliance in the public cloud is a tedious struggle. To address that, we recommend that every organization take this three-step approach to Public Cloud Data Protection:

• Discover and Classify continuously for complete visibility.
• Secure and Control to improve data risk posture.
• Detect Leaks and Remediate without interrupting data flow.

The launch of Laminar was about the problem, the opportunity. Learn more about why Public Cloud Data Protection Needs a New Approach.