In the era of cloud computing, safeguarding data privacy is paramount for organizations of all sizes. We’ve gathered the top four best practices from industry professionals, including personal cybersecurity experts and software engineers. Their insights range from employing strong encryption practices to enforcing role-based access control and audits, offering a comprehensive look at privacy assurance in cloud storage solutions.

  • Employ Strong Encryption Practices
  • Implement Robust Encryption and Access Controls
  • Create Discrete Privacy Zones by Jurisdiction
  • Enforce Role-Based Access Control and Audits

Employ Strong Encryption Practices

We encrypt data in the cloud. We also prefer using zero-knowledge cloud solutions whenever we can. Although relying on cloud solutions can be challenging, employing strong encryption helps significantly reduce the risks associated with data privacy.

James WilsonJames Wilson
Personal Cybersecurity Expert, My Data Removal


Implement Robust Encryption and Access Controls

One of our best practices for ensuring data privacy when utilizing cloud-storage solutions is implementing robust encryption protocols both in transit and at rest. We use industry-standard encryption to safeguard data, ensuring that it remains secure throughout its lifecycle. Additionally, we enforce strict access controls, limiting data access to only authorized personnel and systems.

To further assure privacy, we conduct regular audits and compliance checks to align with data protection regulations. Our full-stack observability platform also includes monitoring features that continuously track and log data access activities, providing real-time alerts for any unusual or unauthorized access attempts. This proactive approach allows us to quickly address potential vulnerabilities and maintain a secure environment for our customers’ data.

Ashwini DaveAshwini Dave
Product Marketer, Middleware


Create Discrete Privacy Zones by Jurisdiction

One technique we use is to create different discrete privacy zones for our cloud solution. This means that we identify legal jurisdictions from a privacy standpoint and then locate multiple cloud resources in that jurisdiction. This ensures that we can still provide customers with high availability and fault tolerance without compromising data privacy (which would happen if we sent the data to a different legal jurisdiction).

For example, our European customers require that all data live inside the EU, so we located cloud resources in Ireland with backup in Germany. Similarly, our USA healthcare customers require HIPAA data to only be stored in the U.S., so we use Northern Virginia as the primary, and Ohio as the backup. Finally, India requires all personal data and financial transactions to reside solely in India, so we have two regions in Mumbai and Hyderabad. That way, data always stays in the correct region, even if disaster strikes and we have to failover to a backup location.

We also make sure that all storage in each region is encrypted at rest and all backups and snapshots are also encrypted at rest. Finally, all of the different regions have a unique set of encryption keys, so a person who can access the data in the USA cannot access the data in Europe, using the same key (for example).

Adam SandmanAdam Sandman
Founder & CEO, Inflectra


Enforce Role-Based Access Control and Audits

In line with the principle of least privilege, we strictly limit data access to only those users who are actively working with the data. This means that individuals who do not need access for their specific roles are not granted permissions, ensuring a tighter security posture.

Moreover, we implement a continuous auditing process to monitor who has access to what data. This ongoing audit helps us identify any unauthorized access or potential risks. Access rights are also subject to a renewal process that is determined by the sensitivity of the data. For instance, access to highly classified data is reviewed and renewed every 1 month, while access to less sensitive, normal data is reviewed every 6 months.

This approach ensures that access remains appropriate and that privileges are not unnecessarily extended, further safeguarding our data assets.

Siri Varma VegirajuSiri Varma Vegiraju
Software Engineer, Microsoft Corporation


Content You Might Also Enjoy