Nearly one million new malware threats were released every day in 2014, with no signs of slowing down, according to Symantec’s Internet Security Threat Report. Malware, worms and other viruses can spread through a company’s network like wildfire. Getting your system and network back up and running only scratches the surface of expenses. Malware can cause data breaches and compromise customers’ security and hold you liable for damages. According to the 2015 Cost of Data Breach Study’s global analysis, the average total cost of a data breach for participating companies in the study increased 23 percent to $3.79 million.
The idea of data isolation isn’t a new, but it has expanded beyond simple firewalls and separate servers and networks into a more sophisticated medium. Take a look at what data isolation is all about and why it matters.
Isolate your security zones
Ask yourself how many of your workstations and servers need to be connected. Isolating your data as much as possible can keep malware from spreading and contain it to one unit. Think about how SaaS platforms like Salesforce work. Their customers don’t have access to any other network traffic other than their own.
Creating sub-accounts can also help isolate data. For example, when a customer uses your billing portal, they are essentially creating a sub-account with the same permissions as everyone else, but it exists separately from the rest of the network.
Research your cloud provider
Whether you’re using a SaaS platform for complex marketing or a cloud provider to store files and data, you need to ask questions. Ask about their safety protocols, how data breaches are handled and what percentage of their team is dedicated to security. Find out how your data is isolated and separated and who else has access to your information.
Automatic computer backup and DIY cloud storage has become increasingly popular over the years. But do you know what’s going on with your data? Find out how your files are encrypted and stored, and don’t be afraid to ask for credentials. For example, Mozy completed a SSAE 16 Type 2 audit and has ISO 27001 certification.
Ask about air gapping
Air gapping is a simple technique just about anyone can do to ensure an extra layer of manual security. Government and military installations as well as big businesses use the method to further lock down their security. The concept is simple. Either turn off an unused server altogether or leave it on but without being connected to the Internet. That server can be part of your overall network, but will need manual manipulation to get any malware on it.
Restrict access
Manually restrict what devices and computers can connect to your network and access information. BYOD is an acronym for “Bring Your Own Device,” but some refer to it as “Breach Your Own Data”. Allowing an influx of personal devices to enter your network requires additional security protocols and greater access restriction. Another issue is taking company-issued devices home and using them to surf the Web or make online purchases. That activity can further expose your network to risks.
If you’re going to employ a BYOD policy, isolate access into your network and set up permissions for what personal devices can access. Consider requiring employees to leave devices in the office or restrict what activities can be done on those devices when using them from home.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.