Perimeter Protection Is Not Enough
Jun 16, 2017
By Venkat Subramanian
There are three key strategies that organizations should adopt to address cyberthreats and protect their critical data.
Across the business sector, the vision for secure business execution is based on the enterprise’s ability to safely and responsibly leverage data assets for driving current operations and future strategy. Yet, this is a time of transition in terms of data source diversity, agility in capacity, and access.
More and more organizations are undergoing a major transformation—shifting from IT-led analytics and business intelligence to an approach led by business units with requirements for near-real-time data access spanning on-premises and cloud infrastructure. At the same time, traditional data warehouses are being replaced by new and rapidly evolving big data technology platforms, such as Hadoop and Spark, that are still in their infancy when it comes to data security.
How can companies ensure that their sensitive data stays secure in light of current and ongoing transformations, while also operating within the realm of regulatory compliance?
It’s Not Enough to Protect Against Outside Hackers
The common approach to protecting sensitive data is to tighten perimeter security with firewalls, intrusion detection, and intrusion protection. While this is important to thwart external hackers from getting to the data, most of the breaches happen due to bona fide internal users mishandling data. It is this insider threat that needs special attention as more users are provided access.
Volume and file-level encryption touted by platform vendors is good for blanket compliance but not for real protection. A comprehensive approach is needed to cover all aspects of data collection and sharing to protect against external and internal attacks.
Three Key Strategies
To help businesses address cyberthreats and protect their critical data, it is imperative to:
Know your data. The most important requirement is to precisely locate sensitive content in structured, unstructured, and semi-structured data and classify all the files, databases, and other repositories. Next, identify all the groups and individuals inside and outside the organization who have rights to the classified data, by whatever means they can reach it. You cannot protect what you don’t know.
Protect your data. Sensitivity classification is vital to data protection. First, it is necessary to audit user access to identify and fix misalignments, so that the right users have access and risk factors are lowered. A more comprehensive solution is to provide fine-grained access at the element level. Encryption with access-controlled (RBAC) decryption is the best option, as it helps maximize data access while ensuring regulatory compliance. When “real” data is not necessary, as with summary reporting, masking (one-way obfuscation) is the best protection option. Some masking options allow the statistical distribution of the data to be retained. Thus, the same summary report would result from the original and the masked versions of data.
Ensure visibility of your data and user access. The natural next step is to verify that the process for data classification and protection is being followed and is working. A single dashboard that shows data across repositories with associated metadata enables visibility of whether data is classified and protected. Additionally, with a way to turn on alerting on classified data (when it is accessed, and when unauthorized access is attempted and/or repeated), a more complete picture emerges. Typical tools for monitoring sensitive data are ineffective because they produce too many alerts, and it takes effort to filter the signal from the noise. Combining the use of classification with user definitions of “alertable” conditions makes every alert actionable. The goal should be continuous, near-real-time anomalous behavior detection using machine learning to build a user profile and complex event processing to ferret out potential breaches.
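The alerting approach in the third strategy, as an added example that is not part of the original article: classification labels combined with user-defined “alertable” conditions decide which access events raise an alert. The catalogue, rule names, thresholds, users, and events are all constructed assumptions.

```python
from collections import Counter

PAYROLL = "hdfs:/finance/payroll.parquet"
CUSTOMERS = "hdfs:/crm/customers.csv"
CLICKS = "hdfs:/web/clickstream.log"
EXPORT = "hdfs:/tmp/export.csv"          # deliberately missing from the catalogue

# Constructed classification catalogue: repository -> sensitivity label.
CLASSIFICATION = {PAYROLL: "restricted", CUSTOMERS: "confidential", CLICKS: "public"}

# Hypothetical "alertable" conditions per label. on_access: alert on every
# successful read. denied_threshold: alert when one user's denied attempts on
# one resource reach this count. Labels without a rule never alert.
ALERT_RULES = {
    "restricted": {"on_access": True, "denied_threshold": 1},
    "confidential": {"on_access": False, "denied_threshold": 3},
}

# Constructed access events: (user, resource, outcome).
EVENTS = [
    ("alice", PAYROLL, "allowed"), ("bob", CUSTOMERS, "allowed"),
    ("carol", CUSTOMERS, "denied"), ("dave", CLICKS, "allowed"),
    ("carol", CUSTOMERS, "denied"), ("erin", PAYROLL, "denied"),
    ("dave", EXPORT, "allowed"), ("carol", CUSTOMERS, "denied"),
    ("bob", EXPORT, "allowed"), ("carol", CUSTOMERS, "denied"),
]

def alerts_for(events, classification=CLASSIFICATION, rules=ALERT_RULES):
    """Return (kind, user, resource) alerts for events that meet a rule."""
    denied = Counter()        # (user, resource) -> denied attempts so far
    unclassified = set()      # resources already reported as unclassified
    alerts = []
    for user, resource, outcome in events:
        label = classification.get(resource)
        if label is None:
            # Data nobody classified is a visibility gap: report it once.
            if resource not in unclassified:
                unclassified.add(resource)
                alerts.append(("unclassified", user, resource))
            continue
        rule = rules.get(label)
        if rule is None:
            continue
        if outcome == "denied":
            denied[(user, resource)] += 1
            # Fire exactly once, when the threshold is reached, not on every retry.
            if denied[(user, resource)] == rule["denied_threshold"]:
                alerts.append(("unauthorized", user, resource))
        elif rule["on_access"]:
            alerts.append(("access", user, resource))
    return alerts
```

On the ten constructed events this yields four alerts, each tied to a classified resource and a stated condition (or to data that was never classified).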
By keeping these pointers in mind, a business has the best chance of ensuring protection of sensitive data and staying compliant with current regulations.