- Draft a good data loss prevention (DLP) policy. Build a solution against breaches as well as unauthorized extraction & deletion.
- Implement encryption in transit as well as at rest: TLS/SSL connections are a must, as are IPsec VPN tunnels.
- Deploy your own advanced network monitoring tools. Use intruder detection tools to watch your entire ecosystem of applications.
- Beware of a too-complicated ecosystem. Its layers can create blind spots.
- Consider using API-based cloud access security brokers (CASBs).
- Use micro-segmentation to restrict access privileges to those who need them, for only the timeframe they need them and only to the level of access they need.
Full post here, 4 mins read