
Built-in protection

Date: 07-2017








At the heart of every security strategy is the objective to protect sensitive information from unauthorised disclosure, but that comes with many challenges.

Whether designing a new security architecture or addressing the requirements of compliance standards, such as PCI-DSS, GDPR, and HIPAA, the best approach to success when evolving a security strategy requires a firm understanding of how various factors within and outside organisations interact with sensitive information.

According to Salvatore Sinno, chief security architect, Unisys, there are three key activities that businesses should undertake in order to implement an effective sensitive data protection strategy:

Data Discovery: "A key step, allowing businesses to identify the scope and complexity of the sensitive data protection task, is data discovery, and it is recommended that businesses take an iterative approach towards achieving success. It's impossible to protect all data that flows through a business, and as such they should be selective. For example, businesses are advised to not spend resources protecting information that is classified as public or non-sensitive," states Sinno.

Data Isolation: "From the data discovery work stream, businesses should have a good handle on how sensitive information is transmitted, stored and processed. The next key step is to isolate the people, processes and technologies that interact with that sensitive data. For example, the data discovery exercise may uncover that cardholder data traverses an entire network, lives on multiple data repositories (web servers, databases, application servers), and is accessible by a large number of individuals who do not need access to this information. In this scenario, such a large attack surface leaves businesses more susceptible to a breach. Data isolation reduces attack surfaces by using access control and encryption to ensure only authorised systems and users can access sensitive information."

Data monitoring: "To avoid the possibility of changes introducing new vulnerabilities, businesses should implement a system that monitors isolated sensitive environments for changes that breach policy objectives," Sinno advises. "This process can be automated by deploying activity monitoring and event management solutions that will learn the baseline configuration and report on anomalies."

Data discovery, isolation and monitoring provide businesses with the building blocks for an effective data protection strategy. "Implementation of this iterative approach to sensitive data protection strategy allows businesses to effectively manage the different phases required to achieve success."

TARGETED ATTACKS SOAR
There is little doubt that, in these times where data has never been more vulnerable to attack, sensitive information is increasingly leaving the safety of corporate networks, as more employees share files over consumer cloud storage services and access those files on their own mobile devices. The number of targeted cyber-attacks is soaring, with cybercriminals developing effective new methods for defeating traditional security measures and stealing corporate information. So how do you manage and protect your information in this challenging environment? And what does a successful data protection strategy look like, in the face of eroding security perimeters, increasing targeted attacks, and evolving user habits and expectations?

As Piers Wilson, head of product management at Huntsman Security, readily admits: "Traditional security technology will never stop users falling victim to phishing, social engineering and other attacks based on human weakness or error. Instead, it is designed to be able to prevent the consequences; detecting and removing hostile software before it can cause any harm or data loss can occur. With attackers constantly updating their methods and weapons, the real risk is that traditional security approaches won't recognise a threat until it's too late. Essentially, such technology is like a museum guard that will only take action to spot and remove known thieves, while the smarter attackers will come in disguise or via a completely hidden route."

The fact is, he says, traditional approaches simply won't work effectively anymore. "As such, organisations should be looking at monitoring system behaviour for any potentially suspicious activity that could indicate an attack or vulnerability being exploited - whether instigated externally or coming from an insider. For example, if the business detects that a user account is accessing data that they shouldn't, they can quickly step in to prevent any harm from being done; whether the activity was an honest mistake or part of a deliberate attack."

This approach means that security teams will face hundreds, if not thousands, of potential alerts a day, so the real challenge will be triaging them to determine which represent true potential threats and which are false alarms. "As with any other security tool, the more the system can decide for itself what represents a real threat, the easier it will be for security teams to react as appropriate. This doesn't mean that traditional security is surplus to requirements; instead, it should form part of a layered approach to security, anti-virus along with firewalls and more sophisticated analysis, to ensure that all potential routes are covered. This means that, rather than turning up to find an empty case after the heist has taken place (the Hatton Garden burglary), security teams can see an attack coming and take action before the damage is done."
