When we take a look at the security breaches of the past few months, (Anthem and Sony are the latest of note.) one of the key takeaways is that “perimeter protection”- the feeling that your data is secure if you have a strong enough network perimeter – is no longer enough. Decades of reliance on a secure network perimeter as the primary method of keeping data safe have obviously come to an end as a result of the ubiquitous industry shift to a) the BYOD computing and access, and b) the movement of users and workloads to the cloud. This has led leading-edge IT shops and professionals to more fully embrace the traditional military strategy of ‘defense in depth,’ meaning the deployment of layers of protection against breaches.
Free Cyber Security Training! Join the revolution today!
Here are a few tips for businesses when considering what to do next in order to keep information secure:
– Remember that organizations of all sizes and “shapes” have sensitive data.
According to Ponemon Institute research, 90% of IT professionals admit to having a breach in the prior 12 months. This means that you’re neither too small or too big/powerful to get hacked. It’s important for organizations to have cost-effective and flexible security solutions to truly secure their proprietary information.
– Understand that data is always on the move – but still needs to be secure.
This is precisely why security teams need to rethink security. Instead of simply securing the perimeter, IT teams must implement layer protection directly on the information itself so it is safe from malicious intent wherever it resides and whatever the characteristics of the environment it’s being used in.
– Admit that sometimes people make mistakes.
There are a myriad of ways for an ‘honest mistake’ to result in a data breach, from a door being left open, to an accidental email address, to an insecure DropBox folder, to a lost PC or smartphone. When information itself is secured in a way that doesn’t depend on a secure environment, this scenario is no longer an issue.
– Remind management that securing data helps corporate compliance.
Having a policy for handling of sensitive data (including outlining what types of data are considered sensitive), setting rules, classifying, and marking data with appropriate disclaimers according to its sensitivity makes good business sense. It’s how great companies operate. It also provides a layer of protection against corporate liability from a legal perspective.
Military history has shown that as your adversaries’ weapons advance, your armor had better advance, as well. Leather armor and shields were fine for iron swords, but then came arrows and eventually bullets. Companies need to continually embrace new security paradigms as technology advances in order to keep information out of malicious users’ hands.
By Charles Foley, Chairman and CEO, Watchful Software
About Watchful Software
Watchful Software provides advanced persistent security solutions that keep sensitive information safe from security breaches resulting from either accidental or malicious disclosure.
The company was formed to protect an organization’s most critical asset after its people – its information. Watchful Software technologies address the growing need for protecting sensitive and proprietary information against accidental or malicious theft, leakage, or loss. Leveraging key technologies including advanced encryption algorithms, digital rights management, and eBiometrics, Watchful has developed a suite of solutions that ensure only authorized personnel have access to enterprise systems and information, protecting against potentially massive economic and competitive damage from cyberterrorists and information thieves.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.