• Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion.
  • Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.
  • Deploy your own advanced network monitoring tools. Use intruder detection tools to watch your entire ecosystem of applications.
  • Beware of a too-complicated ecosystem. Its layers can create blind spots.
  • Consider using API-based cloud access security brokers (CASBs).
  • Use micro-segmentation to restrict access privileges to those who need them, for only the timeframe they need them and only to the level of access they need.

Full post here, 4 mins read