As more and more businesses adopt cloud services, seizing on the latest software tools and development methodologies, the lines between them are blurring. What really distinguishes one business from the next is its data.

Much of the intrinsic value of a business resides in its data, but we’re not just talking about customer and product data; there’s also supply chain data, competitor data, and many other types of information that might fall under the big data umbrella. Beyond that there are a multitude of smaller pieces of data, from employee records to HVAC system logins, that are rarely considered but are necessary for the smooth running of any organization. And don’t forget about source code. Your developers are using cloud-based repositories for version control of application code. It also needs to be protected.

In the past, companies would typically try to centralize their data and lock it safely away in an impenetrable vault, but hoarding data doesn’t allow you to extract value from it. Data gains business value when it’s transported from place to place as needed and available to be leveraged, not locked away in some dark place. People need swift, easy access to data and real-time analysis to make innovative leaps, achieve operational excellence and gain that all-important competitive edge.

Managing the mess

As the importance of data has grown clearer, many businesses have been stockpiling as much of it as they can get their hands on with the idea that the value will come along later. Businesses grow organically, so new systems and software are adopted, mergers and acquisitions prompt integrations and migrations, and new devices and endpoints are added to networks all the time. Even the most organized of businesses inevitably ends up with a complex structure and data that’s distributed globally.

Another layer that exacerbates this problem is people. Sometimes your employees will show poor judgement.
They may unexpectedly wipe out critical data or accidentally delete configuration files. Disgruntled employees may even do these things deliberately. Then you must consider all the employees and contractors working for your partners and vendors, who often have access to your business-critical data.

To effectively manage your data without shuttering it and blocking legitimate requests for access, you need a solid cloud data management strategy, and that begins with five important considerations.

1. Resting data

Most of the time data sits in storage. It’s often behind firewalls and other layers of security, which it should be, but it’s also vital to ensure that your data is encrypted. It should be encrypted all the time, even when you think it’s safely tucked up in your vault.

If you properly protect your data at rest by encrypting it, then anyone stealing it will end up with lines of garbled junk that they can’t decipher. You may think it’s unlikely a cybercriminal will breach your defenses, but what about a motivated insider with malicious intent or even a careless intern? Hackers’ most common point of penetration is actually your employees’ devices, whereby they gain a foothold that can be leveraged to go deeper into your networks. Encrypt everything and take proper precautions to restrict access to the decryption key.

2. Accessing data

It’s very important that your employees can access the data they need to do their jobs whenever and wherever they want, but access must also be controlled. Start by analyzing which people need access to what data and create tailored access rights and controls that restrict unnecessary access. Any person requesting access to data must be authenticated and every data transaction should be recorded so you can audit later if necessary.
Active Directory is the most common place to manage and control such access today.

Access control should also scan the requesting device to ensure it’s secure and doesn’t harbor any malware or viruses. Analyzing behavior to see if the user or device requesting access falls into normal patterns of use can also be a great way of highlighting nefarious activity.

3. Data in transit

It’s crucial to create a secure, authenticated and encrypted tunnel between the authenticated user and device and the data they’re requesting. You want to make the data transfer as swift and painless as possible for the end user, but without compromising security. Make sure data remains encrypted in transit, so no interceptor can read it. Choosing the right firewalls and virtual private network (VPN) services is vital. You may also want to compartmentalize endpoints to keep data safely siloed or employ virtualization to ensure it doesn’t reside on insecure devices.

There’s no doubt that most companies focus their data protection efforts here and it is important, but don’t focus on data in transit to the detriment of other areas.

4. Arriving data

When the data arrives at its destination you want to be certain that it is authentic and hasn’t been tampered with. Can you prove data integrity? Do you have a clear audit trail? This is key to effectively managing data and reducing the risk of any breach or infection. Phishing attacks often show up in the inbox as genuine data to fool people into clicking somewhere they shouldn’t and downloading malware that bypasses your carefully constructed defenses.

5. Defensible backup and recovery

Even with the first four pillars solidly implemented, things can and do go sideways from time to time when least expected. Most companies recognize the importance of proper backup hygiene today and have implemented backup and recovery processes.
Be sure to actually test and validate your ability to restore the backups and recover periodically.

In the cloud, there’s another critical area to carefully consider. Be careful not to put all your data eggs in one basket. Do not store your backups in the same cloud account where your production data resides. That’s a formula for disaster you may not recover from should a hacker somehow gain access to your network and delete everything.

That is, leverage multiple cloud accounts to segregate your backup data from your production data. Be certain to back up your cloud infrastructure configuration information as well, in case you ever need to rebuild it for any reason.

In the unlikely event your production environment should somehow become compromised, it’s critical a copy of all backups and cloud configuration are stored separately and secured from tampering and deletion. One way to do this is to create a separate backup account (on the same cloud or different cloud) with a “write only” policy that allows backup and archival data to be written and read, but not deleted. This protects your business by ensuring your DR systems and backups will always be available should you need them to recover.

By crafting a plan to cover data storage, data access, data in transit, data arrival, and defensible data backup/recovery, you’ve erected five pillars that will be strong enough to bear the load of your company data and withstand the forces which are trying to break in. But there are still many cloud data management pitfalls to avoid. Ensure that you can quickly recover from the most common issues that arise from operating in cloud environments.

You can have the best products and employees in the world, but without data they are powerless, so take steps to ensure it flows freely and safely.
Smart data management will empower your staff to leverage the latest cloud technologies, innovate new products and services and differentiate your organization from the competition.
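
The backup-account policy described under "Defensible backup and recovery" (data can be written and read, but not deleted) can be checked mechanically. This is an added example, not part of the original article: it assumes AWS IAM-style JSON policies with S3 action names (the article names no provider), and the three sample policies are constructed.

```python
import fnmatch

# Actions the backup writer needs, and actions that can destroy backups.
# Lifecycle and bucket-policy changes are listed because they can expire
# objects or remove the deny rule itself.
REQUIRED = ["s3:PutObject", "s3:GetObject"]
DESTRUCTIVE = ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket",
               "s3:PutLifecycleConfiguration", "s3:PutBucketPolicy"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(statement, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement.get("Action", [])))

def is_allowed(policy, action):
    """Explicit Deny wins; otherwise an Allow must match (default deny).
    Simplification: Resource, Condition and NotAction are not evaluated."""
    statements = _as_list(policy["Statement"])
    if any(s["Effect"] == "Deny" and _matches(s, action) for s in statements):
        return False
    return any(s["Effect"] == "Allow" and _matches(s, action) for s in statements)

def audit_backup_policy(policy):
    """Return findings; an empty list means write and read work, delete does not."""
    findings = [f"missing: {a}" for a in REQUIRED if not is_allowed(policy, a)]
    findings += [f"destructive: {a}" for a in DESTRUCTIVE if is_allowed(policy, a)]
    return findings

# Constructed sample policies (not from the article).
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
PARTIAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"}]}
HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
     "Resource": "*"},
    {"Effect": "Deny", "Action": ["s3:Delete*", "s3:PutLifecycleConfiguration",
                                  "s3:PutBucketPolicy"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, policy in [("WEAK", WEAK), ("PARTIAL", PARTIAL), ("HARDENED", HARDENED)]:
        print(name, audit_backup_policy(policy) or "ok")
```

The PARTIAL policy shows why denying only the delete actions is not enough: lifecycle and bucket-policy changes remain allowed. PutObject can still overwrite an existing key, so whether an overwrite is recoverable depends on settings such as versioning, which a policy document alone does not show.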