Take control of enterprise data by hard coding its DNA

Persistent security controls provide invaluable data history in case of an accidental or malicious breach

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Data is wide­ly regard­ed as a top asset for orga­ni­za­tions. And for good rea­son. Enter­pris­es ana­lyze it to glean insights for mak­ing data-dri­ven deci­sions; inter­net giants like Google and Face­book col­lect and sell data for prof­it; mar­ket­ing depart­ments lever­age it to iden­ti­fy new cus­tomers and cul­ti­vate loy­al­ty with exist­ing ones; and fed­er­al agen­cies use it to track inves­ti­ga­tions for nation­al secu­ri­ty pur­pos­es. While the uses may vary, gain­ing a com­pet­i­tive edge is a uni­fy­ing theme among orga­ni­za­tions pri­or­i­tiz­ing data.

While data is an asset that should be tracked and man­aged through­out its entire life cycle, orga­ni­za­tions aren’t doing so well giv­en that instances of data breach­es are at an all-time high. In 2016 alone, there were 980 breach­es with near­ly 35,233,317 records exposed. Unfor­tu­nate­ly, the neg­a­tive impact of a data breach can be exten­sive and cost­ly. For instance, take the breach of the Office of Per­son­nel Man­age­ment (OPM).

Cyber crim­i­nals got away with con­fi­den­tial data asso­ci­at­ed with more than 21 mil­lion for­mer and exist­ing employ­ees, includ­ing more than 19 mil­lion indi­vid­u­als that applied for secu­ri­ty clear­ance. The breach also exposed Social Secu­ri­ty num­bers, mil­i­tary records, his­to­ry of res­i­dence, demo­graph­ic details, fin­ger­print records, infor­ma­tion about imme­di­ate fam­i­ly mem­bers and more. And the cost to mere­ly pro­tect vic­tims of the breach from iden­ti­ty theft was over $133 million.

Hack­ers aren’t only ones to blame

Whether it’s a mali­cious insid­er, care­less employ­ee behav­ior and/or mal­ware, data is always at risk of being stolen. With insid­er threats, an exist­ing or pre­vi­ous employ­ee or part­ner with inside access may use legit­i­mate cor­po­rate cre­den­tials to access and steal data for per­son­al gain and/or to hurt the organization.

Relat­ed: Secu­ri­ty aware­ness train­ing is becom­ing a vital tool

For exam­ple, Edward Snow­den leak­ing NSA doc­u­ments, the Booz Allen Hamil­ton con­trac­tor who was arrest­ed for steal­ing clas­si­fied com­put­er code, or more recent­ly, the alleged theft of Alphabet’s con­fi­den­tial files by a for­mer employee.

But employ­ees don’t need to be mali­cious to cause dam­age, which is why they are often regard­ed as the weak­est link in enter­prise secu­ri­ty. It’s not uncom­mon for a well-mean­ing employ­ee to unknow­ing­ly share files with­out per­mis­sion, or open an attach­ment car­ry­ing dan­ger­ous mal­ware. This has led cyber crim­i­nals to increas­ing­ly deploy advanced mal­ware that cir­cum­vents tra­di­tion­al secu­ri­ty defens­es unde­tect­ed to gain access to pri­vate net­works and data.

Com­bat breach­es with emerg­ing technology

 The con­stant threat of a data breach is a real one, and orga­ni­za­tions across indus­tries are going to have to change their way of think­ing about cyber­se­cu­ri­ty and defense. Rather than focus­ing on invest­ments in detec­tion and pre­ven­tion, orga­ni­za­tions must apply per­sis­tent secu­ri­ty con­trols to their data that enable IT to mon­i­tor and log all data inter­ac­tions so that in the event of a breach, IT can per­form inves­ti­ga­tions with com­plete his­tor­i­cal context.

Data is a pri­or­i­ty asset for busi­ness­es and cyber crim­i­nals. As such, orga­ni­za­tions must have com­plete vis­i­bil­i­ty into how data is used, stored and shared with­in the orga­ni­za­tion, regard­less of where it resides and where it ends up. By wrap­ping files with a lay­er of pro­tec­tion hard­cod­ed into the data’s DNA, emerg­ing cyber­se­cu­ri­ty tech­nol­o­gy is able to pro­vide vis­i­bil­i­ty into the flow of data and empow­er orga­ni­za­tions to con­trol it wher­ev­er it goes.

More sto­ries relat­ed to data security:
As threats mul­ti­ply, more com­pa­nies out­source secu­ri­ty to MSSPs
When it comes to secu­ri­ty, don’t give employ­ee edu­ca­tion short shrift
Man­aged secu­ri­ty ser­vices help SMBs take aim at secu­ri­ty threats