The goal of any cyber defense strategy is to protect against data loss. That should be self-evident, but in the maze of configurations, customizations, and countless third-party tools that protect your environment, it can be easy to lose sight of what you’re protecting. Your organization is constituted by the data it produces. Your task as an IT professional is to keep the data at the center of your strategy and to build a line of defenses around it that protects it from misuse, deletion, and corruption.
Read on to learn some of our tips and tricks for averting data loss—and dealing with it when it does happen.
Before we talk about how to prevent data loss, we need to talk about what causes it. We can list the usual suspects: deletion (intentional or unintentional), power failure, software bugs, database corruption. Even natural disasters cause data loss. So let’s narrow down the list. Let’s focus on preventing data loss due to two specific cyberthreats: data leaks and data exfiltration.
Data leaks. Leaks happen more often than you might think. For example, take an incident in January 2021. A former employee of Ubiquiti Networks published stolen files to the web and demanded $2 million in ransom. That’s an enormous amount of money to shell out to a criminal organization, but any amount of ransom an attacker might demand pales in comparison to the value of the data they hold hostage. Overall, the event cost the company $4 billion in market capitalization and tanked their stock by 20%.
Data leaks happen when individuals, including employees, who have or gain legitimate access to a company’s systems intentionally steal and leak data. For example, a data leak might happen when an employee copies sensitive data onto a flash drive and shares it with competitors or posts it publicly.
Data exfiltration. This type of data loss happens when attackers from outside the organization hack into a company’s network and take control of the data by corrupting it, encrypting it, posting it on a public website, or just plain stealing it and selling it on the dark web.
For example, in April 2021, hackers gained access to the Quanta Computer network and leaked Apple product blueprints. They demanded $50 million in exchange for the data.
When it comes to data security, strategies commonly focus on protecting the network—building a very tall, very strong wall around the perimeter. This is a necessary component of data security, but keeping attackers out is one challenge; keeping data in is another entirely. To strengthen your security posture, you need to put the data first—focus on what’s behind the wall, not just on the wall itself.
So what does data-centric security entail? It starts with knowing and classifying your data. Ask yourself these questions: What does your data consist of? Where does it reside? How should it be protected? Who has access to it?
When you know all the details about your data, you’ll know what you need to do to keep it safe. If you need more guidance on where to begin, check out our security self-assessment checklist.
Unlike traditional security models that allow you to roam freely once you’re behind the security perimeter, a Zero Trust data-centric approach implements strict access controls inside the perimeter walls. On top of strong access controls that enforce the principle of least privilege (granting a user as little access as possible according to their role), consistent updates to vulnerable operating systems and applications, along with user training, are essential. For maximum security, continuous monitoring of data and user behavior is important. Suspicious users are automatically blocked and suspicious data is automatically quarantined.
Encryption, immutability, and indelibility are a must for maintaining data integrity. Encryption prevents attackers from sharing your sensitive data with competitors (or the entire world). If your data copies are immutable, attackers can’t infect them with malware or other viral threats. And indelible copies cannot be deleted.
Together, these capabilities render your data useless to a cyberattacker. The final key to a data-centric security solution is to maintain multiple, up-to-date backup copies that can be easily restored. These copies can be stored across storage types or in multiple regions.
You can count on NetApp and Google Cloud to make sure that your sensitive data is not lost, misused, or accessed by unauthorized users—and is easily recoverable with no data loss if there is a successful cyberattack on your business. With NetApp® Cloud Volumes Service for Google Cloud and NetApp Cloud Volumes ONTAP® for Google Cloud you get:
Building a strong data loss prevention practice into your IT operations isn’t going to be without difficulties, but a strong push now can save you a lot of disjointed effort later. If you’re interested in learning more about data loss prevention and data protection from NetApp for Google Cloud, contact a specialist or check out more resources on our dedicated cyber resilience page.
Mike McNamara is a senior product and solution marketing leader at NetApp with over 25 years of data management and cloud storage marketing experience. Before joining NetApp over ten years ago, Mike worked at Adaptec, Dell EMC, and HPE. Mike was a key team leader driving the launch of a first-party cloud storage offering and the industry’s first cloud-connected AI/ML solution (NetApp), unified scale-out and hybrid cloud storage system and software (NetApp), iSCSI and SAS storage system and software (Adaptec), and Fibre Channel storage system (EMC CLARiiON).
In addition to his past role as marketing chairperson for the Fibre Channel Industry Association, he is a member of the Ethernet Technology Summit Conference Advisory Board, a member of the Ethernet Alliance, a regular contributor to industry journals, and a frequent event speaker. Mike also published a book through FriesenPress titled "Scale-Out Storage - The Next Frontier in Enterprise Data Management" and was listed as a top 50 B2B product marketer to watch by Kapos.