The dissolution of the definable network perimeter has been years in the making. Mobile and remote workforces that require global access to information and resources for collaboration have made the concept of the traditional network perimeter – one that was once defined by the geographic and technological limitations of corporate servers and devices – all but obsolete. Instead, today’s global information ecosystem is built around a model of open collaboration, trust, and constant information flows – the very attributes that are being exploited by cyber attackers today.
In the borderless, digital world, we need to redefine our approach to security. We need to move away from protecting the network perimeter to focusing on securing data, no matter where it travels or resides. Below are six steps to do this effectively.
1. Identify and classify sensitive data
The first step to any successful data security strategy is to understand the sensitivity of your data and where it resides – be it in the cloud, file shares, databases or all of the above – and then decide whether or not this data requires protection, and how much. Data classification helps by first discovering data, regardless of where it resides. It then sorts data into appropriate categories, based on sensitivity and other factors, and creates policies that determine which employees can come into contact with this data, and how they can use it. Data classification can greatly assist companies in meeting governance, compliance and regulation mandates such as PCI DSS and GDPR, as well as protecting intellectual property.
2. Beware the accidental insider threat
Employees present a great risk to internal data, even with data classification and access controls in place. IT teams must take a risk-based approach to their employees, and audit them on the level of risk that they present to company data. Some employees will present a greater risk than others. For example, employees with network administrator credentials pose a far higher risk than those with local user access. Employees in the finance department, on the other hand, may make a tempting target for cyber criminals due to the lucrative data that they process. By understanding which employees present a higher risk to data and tailoring defences accordingly, IT teams dramatically reduce the threat associated with insiders.
3. Don't just rely on point-in-time technologies
Most security tools today focus on visibility and blocking at the point of entry to protect systems. They scan files at an initial point in time to determine if they are malicious. But advanced attacks can occur at any time of day or night, and in a matter of seconds, leaving organisations’ most sensitive assets at risk. Real-time detection technologies provide constant vigilance, and demonstrate that you have been – and continue to be – serious about data protection.
4. Understand the intricacies of DLP
Although cyber criminals do present a potent threat to the modern-day enterprise, the risk of accidental data loss should not be underestimated. Take, for example, the employee who sends a confidential email to the wrong person or leaves their USB stick on a train. Without DLP in place, these actions could result in data leakage and a breach of compliance standards. DLP technologies work by securing data according to policies defined in advance, depending on the data’s sensitivity. If the data is highly sensitive and an employee does not have the required access privileges, he or she will be prevented from copying the data in the first place. If copying is permitted, then the data will be encrypted to ensure that it stays safe, no matter where it is transported.
DLP makes a company’s security strategy much more comprehensive. The network approach used to be sufficient, but with data travelling far and wide, it is much easier for an attacker to get inside a company that no longer has a defined border. Without DLP, the attacker would have access to a treasure trove of sensitive data. With DLP in place, even if the perimeter is breached, attackers are far less able, and far less likely, to steal sensitive data, if they can steal anything at all. By combining network security with DLP, along with security measures like advanced threat protection, a business can make it almost impossible for a hacker to steal any data from their company.
5. Expand beyond compliance
Although many industries and regions have compliance requirements, like HIPAA, PCI and the forthcoming GDPR, these compliance standards are only the beginning of protecting your sensitive data. They are a good foundation, but more must be done to keep sensitive critical data – beyond credit card numbers and national insurance numbers – safe. To truly ensure that your data security is watertight, you must think of compliance and security as more than just a tick-in-the-box exercise.
6. Understand the variety of threats targeting data
The tools that you choose for security must be reactive and have knowledge of external threats such as malware and brute force attacks. Many DLP solutions focus on accidental data leakage – the insider threat – but do not have the ability to understand external threats that put data at risk. Smart DLP solutions are aware that external attackers are able to steal credentials and enter the network under the guise of an employee. Threat intelligence becomes paramount here. Say a hacker compromises an admin’s account – a smart, complete solution will block the admin from moving data, or at least encrypt it, based on their unusual behaviour or where they have logged in from. Many security products claim to protect data but are not dynamic and contextually aware.
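The copy decision described in steps 4 and 6, combined with the classification from step 1, as an added example that is not part of the original article or any vendor's product. The three labels, the Luhn-based card-number detector, the `User` fields, the country codes and the sample users are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally split by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text: str) -> str:
    """Assumed scheme for this example: restricted > internal > public."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "restricted"
    if re.search(r"\bconfidential\b", text, re.I):
        return "internal"
    return "public"

@dataclass
class User:
    name: str
    cleared_for: set        # labels this user is allowed to copy
    usual_countries: set    # where this account normally logs in from

def decide_copy(user: User, text: str, login_country: str) -> str:
    """Return 'allow', 'encrypt' or 'block' for a copy request."""
    label = classify(text)
    if label == "public":
        return "allow"
    # Step 6: valid credentials used from an unusual location are treated as suspect.
    if login_country not in user.usual_countries:
        return "block"
    # Step 4: sensitive data and no access privilege, so the copy is prevented.
    if label not in user.cleared_for:
        return "block"
    # Step 4: copying is permitted, so the data leaves encrypted.
    return "encrypt"

# Constructed sample users and document (4111... is a well-known test card number).
ADMIN = User("admin", {"restricted", "internal"}, {"GB"})
CLERK = User("clerk", {"internal"}, {"GB"})
CARD_DOC = "Card on file: 4111 1111 1111 1111"
```

Placing the location check ahead of the privilege check is what stops a stolen admin credential from inheriting the admin's clearance.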
Preventing data loss or theft involves a mixture of policy-driven security solutions and employee awareness. By identifying where sensitive data resides, setting policies for handling it and implementing appropriate access controls, organisations put themselves in a strong position to defend against both internal and external threats. With the breakdown of the traditional network perimeter, a data-driven security solution is key to keeping company data safe from leakage or theft.
Jan Van Vliet, VP and GM EMEA at Digital Guardian