Anthos and Istio Make Data Loss Prevention a Breeze
Data exfiltration and loss is a nightmare that keeps business owners and security personnel up at night. Compromised integrity in business’ data can quickly bring them to their knees in terms of cost and reputation. Fortunately, Google’s hybrid-cloud platform, Anthos, offers solutions designed to prevent attacks and instill confidence in data security.
There are three main concerns when it comes to data loss prevention: compliance, privacy, and security. Anthos provides digital services that address all three areas. Additionally, open-source software Istio adds enhanced monitoring and safety.
The basics of how Anthos and Istio aid in compliance in data loss prevention
While most regulations focus on securing data attached to persons such as health information and payment details, compliance isn’t as simple as relegating that information to a digital version of an impregnable vault. Doing so would compromise the ease of access for those who need to access such data for legitimate purposes.
A first step toward securing this data is identifying it. Doing so manually when large amounts of data are stored across several virtual machines can be tedious, however. Anthos provides data discovery services that scan cloud resources for information that fits within regulatory parameters for compliance issues.
Once the specified data is identified, Anthos can assist in the migration of that information to systems designated to provide the desired regulatory security, should it not already exist within those components. That’s a process that Istio aids in as well.
At its most basic level, Istio is a service-mesh layer that connects and monitors containers in a Kubernetes cluster. Such a layer ensures that the communication of sensitive data between services abides by compliance protocols regardless of the amount of information or the rate of transmission. For example, when services like digital wallets communicate protected data like customers’ addresses, Istio ensures those services maintain their predetermined configurations set up according to the appropriate regulations.
While compliance tends to focus on privacy concerns for individuals, the scope of privacy for data loss prevention expands to business’ proprietary information. Once again, Anthos and Istio provide solutions for those concerns.
Protecting privacy with Anthos and Istio
Another crucial component of data loss prevention is ensuring that only those individuals and services who have a legitimate need to access data are able to do so. These concerns go beyond mere regulatory structures to protect the information vital to business operations.
In addition, another privacy concern is that of the individuals and services accessing data. For example, systems built to perform marketing surveys over the Internet are capable of capturing many data points about respondents. Therefore, it’s important to be able to filter the useful data while shielding the non-pertinent data from those who have no need to access it.
Anthos and Istio combine to handle both of these privacy concerns simultaneously. Anthos transforms data to prevent the bits that can lead to the identification of persons from being transmitted while preserving the points of information that businesses can use. It also enables businesses to store data in a “zero-trust” environment that enforces privacy protocols regardless of when or where attempts at accessing data occur.
Because Istio is added onto the already-existing Kubernetes clusters, Istio further protects privacy with strong authentication policies. It uses both role-based access control and manual transport layer security to ensure that data is only accessed when and by whom the information’s rights holders specify.
Coming at privacy from the other angle, Istio enhances data transformation by automating the enforcement of rules for communication between clusters. There’s no risk of private information being exposed in processes when those processes never have access to private data in the first place.
The third component of data loss prevention is probably that which most readily comes to mind when the topic is discussed. Security is a broad term but Anthos and Istio have it down to a science.
Anthos’ and Istio’s DLP services enhance security for all
Most business leaders probably only think about protecting their information from attacks or misuse when they talk security. Security, in this context, is a larger term. For example, exposed code may include information that personnel use to access business’ systems.
Another security concern is protecting systems from intentionally corrupt data. Anthos’ data scanning and transformation capabilities are again useful in this regard, but it’s not the whole picture for how Anthos aids in security. Anthos uses application programming interfaces in Kubernetes that verify data and allow users to set parameters for where and when that data appears to users.
Istio builds on that security with its Mixer monitoring component. That enables finely tuned control over all interactions between clusters and insulates containers from receiving data that is meant for other clusters with directed, enhanced protocols.
There’s perhaps no industry more invested in data loss prevention than the financial sector. The thousands of communications between its operations on a daily basis make DLP the highest of priorities for businesses like banks.
How KeyBank uses Anthos to safeguard data key to its operations
KeyBank ranks in the top 30 largest banks in the United States, with over 1,100 branches and thousands of ATMs across the country. It’s mobile application and customer-facing website further expand its operations to contain millions of transactions each day.
Keith Silvestri, KeyBank’s CTO, has called Anthos a “true differentiator” and a “natural selection” for his employer in terms of data loss prevention. Silvestri pointed to Anthos’ customization in terms of being able to control which data is released to partners and when that happens, a seamless setup of the security protocols for the bank’s platforms on Anthos, and the ease at which security personnel can monitor then address compliance or privacy issues on a “single pane of glass.”
As all businesses, regardless of industry, rely upon data to power their operations, it’s crucial that data loss prevention be a key component of those operations. Anthos and Istio are powerful tools to address those concerns. Cloudmatos can put that power at the disposal of all its clients.