Data is an organization’s most valuable asset, yet data loss is one of the biggest repercussions of a cyber-attack.
By Matt Cable, VP Solutions Architects & MD Europe, Certes Networks
Data is an organization’s most valuable asset, yet data loss is one of the biggest repercussions of a cyber attack. In 2019, more than 15 billion records were exposed in data breaches, amounting to more than $3.5 billion lost to cybercrime.
Moreover, the unprecedented events of recent months in 2020 have seen the number of attempted data breaches continue to rise, with cyber hackers taking advantage of remote working and individuals’ fears over COVID-19. In fact, a survey showed that 50% of organizations were unable to guarantee that their data was adequately secured when being used by remote workers.
There is clearly a lot at stake. Organizations need to protect their data, but they also need a robust data assurance solution. Data assurance, or information assurance, is a challenge due to the many networking technologies deployed in today’s environments, making policies disjointed due to differing technology and network infrastructures, as well as data regulations driving data security.
Regulatory compliance is becoming more complex, and each regulatory policy widens the scope for required data security controls, often resulting in point solutions, added complexity, and the loss of network visibility.
Therefore, strict separation of duties is a core compliance requirement to ensure there is no risk of network policy interfering with data security policy; but this is often difficult to enforce when security is tied to infrastructure.
So, how can organizations secure their data, even when the network isn’t secure to begin with? And how can they ensure the security posture is always visible in order to ensure their data is always secure? Simon Hill, Director of Sales Operations at Certes Networks explains why a five-step approach is essential to keep a customer’s data secure.
The Five Step Approach to Data Assurance as a Business Strategy
Due to increasing pressures to keep data secure, securing data as it travels across the network has never been more important. Encryption is certainly one way to keep data secure as it travels across the network, but it is not as simple as just deploying an encryption solution. Organizations must follow these five steps.
- Convert data assurance requirements into an intent-based policy. This is then used to configure and enforce the required security parameters for sensitive data.
- Creating multiple policies, one for each data classification or regulation, not only ensures that data is protected at all times but with each policy using its own keys, customers are creating micro-segments using strong cryptography or crypto-segments. These crypto-segments keep data flows protected using separate keys and also provide critical protection against the lateral movement of threats.
- Organizations must look at the requirements of their environment. Whether it is low latency applications, high throughput data requirements or rapidly changing network environments, organizations must have the flexibility and scalability to secure any environment to meet the depth and breadth of their organization’s needs.
- Organizations also need full network visibility without compromising data security. With traditional encryption blinding the network and security operations tools, monitoring, troubleshooting, adds, moves or changes are made difficult without first turning encryption off. An encryption technology solution should enable the network to look and work in the same way after deployment as it did before, enabling all networking and security functions even while data is being protected.
- Lastly, with a data assurance strategy, organizations can benefit from a real-time view of their data security posture, graphically showing data security performance at all times. An observability tool or a third-party security dashboard can ensure rapid detection, response, and remediation of non-conformance and provide evidence as part of any required audit. Organizations using Artificial Intelligence can also take advantage of the programmable interfaces when using a dynamic program with a security overlay, which reduces the time to remediation and removes the need for manual intervention when threats are detected within the security stack.
Confidence in Data Assurance
The goal of a data assurance solution should be high confidence with low impact, and the ability to scale to the needs of an organization with, for example, a zero-impact software-defined overlay and real-time reporting of policy conformance to achieve this.
Taking a software-defined approach truly delivers on the true separation of duties, enabling security teams to retain control of the data security posture at all times without compromising network performance or the agility needed so that applications teams can be effective.
Furthermore, with a robust data security strategy, organizations can quickly turn their data cyber assurance requirements into an intent-based policy which can be monitored in real-time to ensure round-the-clock visibility of their data assurance posture. Whether one data classification or multiple, securing data using crypto-segmentation to micro-segment data flow, protects against the lateral movement of threats whilst also ensuring all data is secure in motion.
Armed with this five-step approach, organizations can take actionable steps not only gain a deep understanding of how to enhance their security posture and to manage and enforce policies but to measure the effectiveness of their security strategy. When securing data vs. securing the network is the priority, data loss can be prevented and data security can truly be seen as a strategic contributor to the organization’s success.
About the Author
Matt Cable is VP Solutions Architect and MD Europe, Certes Networks. Matt is a Cyber-Security and Cryptography expert with more than 20 years of consultancy experience that covers IT Strategy and Enterprise.