Breach recovery guide

by Mark Rowe

Jan Van Vliet, VP and GM, EMEA, at cyber detection product company Digital Guardian, discusses the cyber challenges all organisations now operate under and how a data-centric approach to security can minimise data loss, even in the event of a breach.

The question isn’t ‘if’ most organisations will suffer a cyber breach, it’s ‘when’. Unfortunately, 2017 was a landmark year for all the wrong reasons in this regard, setting a record for both the highest number of breaches and the most data compromised in a 12-month period. Indeed, research by Risk Based Security found that throughout 2017, there were more than 5,000 cyber breaches, totalling 7.89 billion compromised data records (1); pretty sobering reading. High profile victims included Verifone, Gmail, Anthem, Verizon, eBay, Uber and Equifax to name just a few. Even cyber security firm Kaspersky fell victim to Russian hackers, proving no one is safe.

Despite this, many CIOs are still focusing their security efforts on networks, servers and applications, hoping to keep data safe by vainly trying to keep attackers out. In reality, they should be placing much more emphasis on the security of the data itself. Regardless of what it is – confidential business IP, employee credentials, sensitive customer information – no matter the industry, the security of the data is paramount, because ultimately, it’s what cyber criminals are after.

Fortunately, there’s been a significant groundswell around taking a more data-centric approach in recent years. Companies are finally moving beyond the traditional firewall and anti-virus software that only focuses on one thing: endpoint security. Instead, the focus has finally shifted to identifying, controlling, and securing sensitive data assets.

Start by understanding what data you have

For any organisation looking to migrate to a more data-centric security approach, the first step is to develop an organisational data taxonomy. After all, it’s impossible to protect data effectively without knowing exactly what’s there in the first place. Once data has been structured in a meaningful way, not only will it be easier to protect, but its value can be much more easily extracted as well.

Classify data based on sensitivity

Next, organisations need to identify their most sensitive data and exactly where it resides. There are several different ways to do this, but the most effective is to classify it using tiered categories such as Confidential, Restricted, Private and Public.

Naturally, the amount of confidential or restricted data an organisation has varies by sector. For example, merchants that accept credit card payments oversee a wealth of confidential customer information. Furthermore, much of it is subject to stringent industry regulations such as the Payment Card Industry Data Security Standard (PCI DSS), as well as the incoming General Data Protection Regulation (GDPR). These regulations impose hefty fines on any organisation found to be in breach, making effective data security even more critical. Classifying data in this manner will help organisations establish what information is most important and what type of security controls are needed to safeguard it effectively.

Apply appropriate access controls

After data has been properly classified, it should be tagged accordingly and access rights or privileges applied. Defining proper access controls is ultimately one of the best ways to prevent data leakage. In fact, it’s sometimes the only way to adequately protect against both insider and external threats. This approach will also ensure data remains secure regardless of whether it’s at rest, in transit or in use. When coupled with internal initiatives such as a data security awareness program, it can be enormously beneficial, going far beyond what’s offered by conventional firewalls and anti-virus software.

Use additional technologies to further increase data security

Once an organisation has embraced data classification and access controls, the rest of the pieces of a comprehensive data-centric security program should fall into place. Data loss prevention (DLP) technology, cloud access controls, encryption and data visibility strategies can all be used to supplement a successful program, providing a robust security solution fit for today’s challenging online environment.

While the chances of suffering a cyber breach have risen dramatically in recent years, this doesn’t mean data loss is an inevitability. More and more organisations are finally waking up to the benefits of a data-centric approach to security over a conventional perimeter approach. By identifying what sensitive data they have, where it resides and who should have access to it, any organisation can take great strides in improving its overall cyber security. Supplementing this with a variety of data-centric solutions such as DLP and encryption can take it even further, creating a fully comprehensive security solution with only modest strategic investments.

(1) “Year End 2017 Data Breach QuickView Report,” by Risk Based Security, February 6, 2018.

© 2024 Professional Security Magazine. All rights reserved.