Data Protection, the Ten Commandments


Mankind has undergone a massive transformation over the last couple of millennia, yet for much of humanity, 10 simple rules handed down from on high are still pretty effective at producing worthy citizens and a civilized society. 

This got me wondering if we could find Ten Commandments for data protection, and this is what I explore in this blog.

As organizations continue to evolve through their own digital transformations, data security has become more complex. Good custodians of data are starting to put a number of elements in place to keep it safe. Excellent custodians of data are going even further and putting in place integrated systems that bring together technology, process and human behavior. So here are my 10 Commandments of Data Protection:

  1. Know your data

    If you can’t define what data is sensitive, then obviously you won’t be able to protect it! Ensuring you can identify all your sensitive data is achieved using the best that people and technology can offer. Certain data are easily defined, so technologies such as Data Loss Prevention (DLP) or Cloud Access Security Brokers (CASB) do a great job of finding it - at rest, in motion or in the cloud. However, true enlightenment comes when you bring the power of people into the mix. Allow your data owners to also tag sensitive data and you have a complete way to classify data across its entire lifespan.

  2. Protect what’s rightfully yours - consistently

    Now that you have a comprehensive view of your sensitive data, make sure it’s kept safe. The best way to do this? Encryption. Using data classification to determine the need for protection allows you to consistently apply the appropriate protection based on the level of sensitivity, saving you from “reinventing the wheel” every time.

  3. Provide omnipresent protection

    Things are not always black and white, so how can you apply protection in shades of grey? For example, it might be OK for someone to open a document, and even for them to edit it, but not to print a hard copy. Take encryption to the next level and incorporate Digital Rights Management to give you better flexibility and control.

  4. Give your cloud a silver lining

    The cloud represents the best, and worst, in humanity. It allows open collaboration and individuals to demonstrate the generosity of human spirit. But this generosity can lead to data being overly shared, and that’s where trust can be eroded. There is a better way. Protection that follows the data - even into the cloud - ensures that wherever, and with whomever, data resides, a generous spirit can always be a good thing.

  5. Don’t let just anyone unlock your secrets

    A decryption key, in the wrong hands, can be dangerous. How can you control who can access your data? Well, instead of just relying on the decryption key, why not embed a user’s identity into the process? And, if you add the third dimension of multi-factor authentication, you can be really confident that when a user opens a document, it really is them and not an impostor. This is how you start to reduce the risk of account takeovers.

  6. Keep an eye on your flock

    Just as a good shepherd has the ability to watch over his flock, you can keep an eye on all your data users – especially when they are not part of your organization and located on the other side of the world. 

    As users authenticate to access a document, you have a means of watching who is accessing what, from where. You can encourage good behaviors, and intervene before anyone strays too far from the right path. Help your users to respect sensitive data, and you’re well on the way to full protection.

  7. Control at the data level, for protection everywhere

    You no longer need to fear the unknown. Even if data has been scattered to the four winds, and is stored multiple times in the cloud, on a plethora of devices, across multiple countries and users, information centric security keeps it safe. For example, using identity-based authorization at the data level keeps you fully in control. You know that only the right people have access, and you can step up (or down) security by being context aware. For example, if users are accessing data remotely, on unmanaged devices, you would ask for additional levels of authentication.

  8. Develop the ability to revoke access to the data anytime

    What happens when people move on, take a new role or outside vendors change? Can you take back what you’ve given them? Well, now that you have the ability to track who is accessing what data, you can see when data is at risk of abuse. By using a cloud-hosted service that can both track and control access for users from inside and outside your organization, you have a system that delivers “actionable intelligence.”

    If a user starts acting out of character (think along the lines of how credit card companies monitor for anomalous spending behavior to detect fraud), or no longer has a legitimate reason to hold that data, then you can limit or even remove their access. So while you can’t remotely delete a document (we haven’t yet found a way to deliver that miracle!), you can make that document unreadable by effectively locking it, and throwing away the key!

  9. Manage just the data that matters

    Here is the interesting conundrum. Not only do we have more data to protect, but the way we protect data creates even more data! A data squared problem! How are we meant to monitor every single piece of sensitive data, and understand whether it’s moving to the cloud or has been accessed by mobile users and devices? It’s impossible, so we need to focus on the alerts that really matter - but how do we know which those are?

    Take this example: if your systems are set to protect sensitive data that leaves the organization, then that data is safe and you do not need to do anything. But if your data protection systems work in isolation, they may each generate an event for the same departure, and those multiple events can quickly overwhelm your team.

    The intelligent integration of data protection systems solves this problem. We imagine a world where a Data Operations Center is established that collates information from various systems (e.g. DLP, CASB, information centric encryption, authentication etc.) to help you act on the events that matter, helping you separate the wheat from the chaff.

  10. Make threat protection personal

    Account takeover is a big problem: when a legitimate account is controlled by a malicious actor, your security systems can be easily bypassed, because the attacker now has the key to your front door.

    Monitoring not just who is accessing your data, but how they access it, unlocks tremendous insight. Being able to mine the data in your Data Operations Center and correlate it with user behavioral analytics will show where your risk lies. Not only can you find user accounts that may have been compromised, but also well-meaning users who are inadvertently putting your data at risk. The key is being able to act on this information quickly to contain the risk and even stop a breach before it happens.
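Commandments 5, 7 and 8 describe one mechanism from three angles: a document's key is released only to an authenticated identity, the release decision is context aware (remote or unmanaged access steps up to multi-factor authentication), and revocation works by withholding the key rather than by deleting copies you no longer control. The block below is an added example, not code from the original post or from Symantec's product, simulating that key service in Python. The cipher is a constructed SHA-256 keystream with an HMAC tag, used only so the demo runs on the standard library; a real deployment would use AES-GCM and a hardware-backed key store. The names KeyService, AccessRequest and the document id "q3-forecast" are hypothetical.

```python
"""Identity-bound, context-aware, revocable document protection (constructed demo)."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one document key."""
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a stand-in for AES so the demo needs no third-party library."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


@dataclass(frozen=True)
class AccessRequest:
    """Who is asking, and in what context (hypothetical attributes for the demo)."""
    user: str
    mfa_verified: bool = False
    managed_device: bool = True
    remote: bool = False


class KeyService:
    """Holds each document's key and releases it only after identity and context checks.

    The encrypted blob can travel anywhere (cloud, mobile, partner); without a
    key release from this service it stays unreadable.
    """

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._readers: Dict[str, Set[str]] = {}
        self.audit: List[Tuple[str, str, bool, str]] = []  # (doc, user, remote, decision)

    def protect(self, doc_id: str, plaintext: bytes, readers: List[str]) -> bytes:
        """Encrypt under a fresh per-document key and record who may read it."""
        key = secrets.token_bytes(32)
        self._keys[doc_id] = key
        self._readers[doc_id] = set(readers)
        return toy_encrypt(key, plaintext)

    def decide(self, doc_id: str, req: AccessRequest) -> str:
        """Identity first, then revocation state, then context-aware step-up."""
        if req.user not in self._readers.get(doc_id, set()):
            return "deny:not_authorized"
        if doc_id not in self._keys:
            return "deny:revoked"  # key thrown away: the document is locked for everyone
        if (req.remote or not req.managed_device) and not req.mfa_verified:
            return "deny:mfa_required"  # step-up for remote or unmanaged access
        return "allow"

    def open_document(self, doc_id: str, blob: bytes, req: AccessRequest) -> Tuple[str, Optional[bytes]]:
        """Every attempt is logged, allowed or not: this is the 'watch your flock' telemetry."""
        decision = self.decide(doc_id, req)
        self.audit.append((doc_id, req.user, req.remote, decision))
        if decision != "allow":
            return decision, None
        return decision, toy_decrypt(self._keys[doc_id], blob)

    def revoke_user(self, doc_id: str, user: str) -> None:
        """A leaver or a changed vendor loses access without touching the copies they hold."""
        self._readers.get(doc_id, set()).discard(user)

    def revoke_document(self, doc_id: str) -> None:
        """Lock the document everywhere at once by discarding its key."""
        self._keys.pop(doc_id, None)


def demo() -> List[str]:
    """Walk one document through grant, step-up, per-user revocation and full revocation."""
    ks = KeyService()
    blob = ks.protect("q3-forecast", b"constructed sample content", ["alice", "bob"])
    steps = [
        ks.open_document("q3-forecast", blob, AccessRequest("alice"))[0],
        ks.open_document("q3-forecast", blob, AccessRequest("bob", remote=True))[0],
        ks.open_document("q3-forecast", blob, AccessRequest("bob", remote=True, mfa_verified=True))[0],
        ks.open_document("q3-forecast", blob, AccessRequest("mallory"))[0],
    ]
    ks.revoke_user("q3-forecast", "bob")
    steps.append(ks.open_document("q3-forecast", blob, AccessRequest("bob", mfa_verified=True))[0])
    ks.revoke_document("q3-forecast")
    steps.append(ks.open_document("q3-forecast", blob, AccessRequest("alice"))[0])
    return steps


if __name__ == "__main__":
    print(demo())
```

Two design points carry the post's argument: the policy decision lives with the key, not with the file, so a copy synced to a partner's laptop is governed exactly like the original; and because every decision is appended to the audit list, the same component that enforces access also produces the "who accessed what, from where" record that commandment 6 asks for.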

Information Centric Security

By following these 10 Commandments you take data protection to a higher plane. You get the best of technology and people, and allow people to share, support and encourage each other, while eliminating some major risk areas. We have based our whole information centric security approach around these tenets to ensure that you don’t stop the flow of information, but you have the power to control with whom and how it is shared, allowing you to maintain both visibility AND control, even with outside users. Protection can be dynamic as you can revoke access over time. We don’t want to flood you with data, so we use telemetry to rise above the flood and help you protect what matters, and smart analytics ensure you can take fast and decisive action before, or just after, a breach occurs.
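Commandments 9 and 10, and the telemetry paragraph above, describe a Data Operations Center that collates DLP, CASB, encryption and authentication events, drops alerts for data that left already protected, and flags accounts behaving out of character. The block below is an added illustration, not the post's or the product's code. The event records are constructed sample telemetry; the field names (src, type, doc, user, country, day), the source label "ice" for the encryption service, the 3x volume ratio and the "new country" rule are assumptions chosen for the demo.

```python
"""Data Operations Center triage over constructed telemetry (added demo)."""
from collections import defaultdict
from statistics import mean
from typing import Dict, List


def _auth(user: str, country: str, day: int, n: int) -> List[dict]:
    """n document-open events by one user from one country on one day."""
    return [{"src": "auth", "type": "open", "user": user, "country": country, "day": day}
            for _ in range(n)]


# Constructed sample telemetry, not real logs. 'ice' = information centric encryption service.
EVENTS = (
    [
        {"src": "ice", "type": "protected", "doc": "q3-forecast.docx", "day": 1},
        {"src": "dlp", "type": "egress", "doc": "q3-forecast.docx", "day": 2},
        {"src": "dlp", "type": "egress", "doc": "payroll.xlsx", "day": 4},
        {"src": "casb", "type": "share_external", "doc": "payroll.xlsx", "day": 4},
    ]
    + _auth("carol", "GB", 1, 2) + _auth("carol", "GB", 2, 2) + _auth("carol", "GB", 3, 2)
    + _auth("carol", "RO", 4, 9)   # today: 9 opens from a country never seen for carol before
    + _auth("dave", "US", 1, 1) + _auth("dave", "US", 2, 1) + _auth("dave", "US", 3, 1)
    + _auth("dave", "US", 4, 1)    # today: business as usual
)

EGRESS_TYPES = {"egress", "share_external"}


def correlate_egress(events: List[dict]) -> List[dict]:
    """One alert per document that left unprotected; protected departures are dropped."""
    protected_since: Dict[str, int] = {}
    for e in events:
        if e["src"] == "ice" and e["type"] == "protected":
            protected_since[e["doc"]] = min(e["day"], protected_since.get(e["doc"], e["day"]))
    by_doc: Dict[str, set] = defaultdict(set)
    for e in events:
        if e["src"] in ("dlp", "casb") and e["type"] in EGRESS_TYPES:
            if e["doc"] in protected_since and protected_since[e["doc"]] <= e["day"]:
                continue  # left encrypted under an identity-bound key: safe, no action needed
            by_doc[e["doc"]].add(e["src"])   # DLP and CASB events for one doc collapse to one alert
    return [{"doc": doc, "sources": sorted(srcs)} for doc, srcs in sorted(by_doc.items())]


def detect_anomalies(events: List[dict], today: int, ratio: float = 3.0) -> List[dict]:
    """Compare each user's activity today with that user's own history."""
    hist_per_day: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    hist_countries: Dict[str, set] = defaultdict(set)
    today_count: Dict[str, int] = defaultdict(int)
    today_countries: Dict[str, set] = defaultdict(set)
    for e in events:
        if e["src"] != "auth":
            continue
        if e["day"] < today:
            hist_per_day[e["user"]][e["day"]] += 1
            hist_countries[e["user"]].add(e["country"])
        elif e["day"] == today:
            today_count[e["user"]] += 1
            today_countries[e["user"]].add(e["country"])
    findings = []
    for user in sorted(today_count):
        if not hist_per_day[user]:
            continue  # no baseline yet: do not alert on a brand-new account
        baseline = mean(hist_per_day[user].values())
        reasons = []
        if today_count[user] > ratio * baseline:
            reasons.append(f"{today_count[user]} opens today vs {baseline:.1f}/day baseline")
        new_countries = today_countries[user] - hist_countries[user]
        if new_countries:
            reasons.append("new country " + ",".join(sorted(new_countries)))
        if reasons:
            findings.append({"user": user, "reasons": reasons})
    return findings


def triage(events: List[dict], today: int) -> List[dict]:
    """The short queue an analyst actually needs to act on, highest risk first."""
    queue = [{"priority": "high", "kind": "possible account takeover", **f}
             for f in detect_anomalies(events, today)]
    queue += [{"priority": "medium", "kind": "unprotected sensitive data egress", **a}
              for a in correlate_egress(events)]
    return queue


if __name__ == "__main__":
    for item in triage(EVENTS, today=4):
        print(item)
```

Run on the sample, the 23 raw events reduce to two queue items: carol's account (volume and a new country) and one egress alert for payroll.xlsx that merges the DLP and CASB events, while the DLP event for q3-forecast.docx is suppressed because the encryption service protected that file before it left. The baseline is deliberately per user rather than global, which is what lets the same rule stay quiet for dave and fire for carol.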

So, to recap, the data protection 10 commandments are:

1. Know your data

2. Protect what’s rightfully yours - consistently

3. Provide omnipresent protection

4. Give your cloud a silver lining

5. Don’t let just anyone unlock your secrets

6. Keep an eye on your flock

7. Control at the data level, for protection everywhere

8. Develop the ability to revoke access to the data anytime

9. Manage just the data that matters

10. Make threat protection personal

If you want to find out more, watch my recent webinar HERE, where Heidi Shei (Forrester Research) discussed a number of data protection challenges and I demonstrated Symantec’s Information Centric Security approach.



from ransomware-malware-blade http://ift.tt/2xyAv1m
via Specialisti Securitate IT in Cluj-Napoca, Romania
