The information security industry is on the brink of a paradigm shift.
Enterprises all over the world are experiencing security breaches with alarming frequency. We all know the names of some of the largest breach victims, such as Target, Home Depot, and most recently Sony. These incidents have left us all wondering, “They’re major corporations who surely employed the most comprehensive security solutions and knowledgeable security teams available. How could a security breach of this magnitude happen to them?”
These companies are asking themselves the same questions, leading them to finally begin examining their legacy security strategies in order to begin solving the problem of today’s data breaches.
Free eBook: Modern Retail Security Risk – Get your copy now.
The first reality enterprises need to understand is that the question should no longer be if its network will be breached but instead when it will be breached and by whom. When companies approach their data security with this more proactive mindset, they will be able to take a critical look at the potential weak spots in their security. Where are the weak points, where are the faults, and what can be done to remediate these weaknesses?
The past few years have seen a number of new technology waves sweep the industry that have introduced security vulnerabilities that leave a company’s data at risk. These have included companies’ move to ‘the cloud’ and the prevalence of the BYOD device. Since these latter devices may be from an employee’s home or other source and are not subject to stringent monitoring and management, they are a potential entry point for attackers into a corporate network. In a cloud paradigm, working outside the ‘hardened office perimeter’ also introduces vulnerability as the organization has to allow entry from public networks. Combine these common scenarios with the increasing threat of breaches, and we come to realize that companies must do something more – and different – to be secure.
Despite the enormous investment that has been made in securing the network perimeter, an effort which has apparently not prevented a score of security breaches, one truth has become painfully clear: today’s enterprises can’t rely on only securing the ‘network’ but instead have to concentrate on securing the data itself, regardless of where it may be on (or off) the network. More attention has to be paid to identifying sensitive data that may be taken out of the secure network (as the Guardians of Peace did to Sony) so that even if it’s on the open Internet it’s still secure. Leading security-minded corporations are beginning to move away from a strict network-centric security perspective to adding a firm data–centric security component to their cybersecurity strategy. They understand that with the advent of ‘the cloud’ and BYOD, there really is no longer a secure perimeter to be relied upon. They are beginning to look at their data’s security independently, that is, addressing the vulnerability of the data itself and not just the potential security of the hardware where they think it should be stored. If the data itself is secured (classified, tagged, encrypted), then it is secure wherever it goes and by extension where it resides becomes secondary. It doesn’t matter if it’s on an encrypted file server, a laptop, a USB key, or a web drive, it’s locked tight and can only be open with someone with authenticated credentials to that specific information.
The approach to securing the data itself is becoming the de rigueur thinking among thought leaders in information security. They are employing technologies to ensure that as emails, documents, worksheets, reports, and the like are created, they are analyzed at the source to see if they are sensitive and, if so, that they are locked tight so that only those with clearance can use them, wherever they may travel to. This thought process marks a profound shift in how information security will evolve in the near future as well as an important way that we will be able to stay one step ahead of those looking to steal, exploit, and leak this new currency of the information age.
By Charles Foley, Chairman and CEO, Watchful Software
About Watchful Software
Watchful Software provides advanced persistent security solutions that keep sensitive information safe from security breaches resulting from either accidental or malicious disclosure.
The company was formed to protect an organization’s most critical asset after its people – its information. Watchful Software technologies address the growing need for protecting sensitive and proprietary information against accidental or malicious theft, leakage, or loss. Leveraging key technologies including advanced encryption algorithms, digital rights management, and eBiometrics, Watchful has developed a suite of solutions that ensure only authorized personnel have access to enterprise systems and information, protecting against potentially massive economic and competitive damage from cyberterrorists and information thieves.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.