The malicious criminals who attack organizations to steal your most sensitive information are funded, well-trained and have prepared patiently to achieve a successful data heist. They have a target: they're not after all of your stored data. They want only your most precious and sensitive data, such as your intellectual property, sensitive email, customer information, trade secrets, regulated data (e.g. credit card information or protected health information), data they can use to commit other crimes, or data they can sell easily to other criminals. This means the bad guys are after only a small percentage of your data, and they know that is where the crown jewels are.
Think about defending the most sensitive data from the inside out. Given the security gaps that are possible across your network, file repository, device and data center security measures in the modern digital workplace, data-centric security must be considered as a strategic choice: it applies at the data level, and the protection it provides is independent of device, storage technology, storage location, application or repository, and so forth.
Below are some suggestions to get you started with your defense:
Step 1. Identify which data is most sensitive.
This data could be regulated data such as PCI, PHI or data unique to your company and its business objectives. Categorize this data based on risk, sensitivity, compliance requirements, etc. and come up with a classification schema.
Step 2. Discover where your most sensitive data resides.
Most enterprises have a very difficult time accurately pinpointing where their authenticated users may have localized copies of the company’s most sensitive data. Ensure that you have the ability to crawl all of your possible paths.
Step 3. Determine how this data is used.
You want to make sure that you have a good idea who accesses this data, who should have the privilege to access this data, what users are doing with it and how this data should be used by those that need access to it.
Step 4. Apply layered security.
Make sure your perimeter security is up to date. Ensure that your most sensitive data is on hardened operating systems that are carefully patched. Check to make sure your VPN, anti-virus, firewall and data loss prevention solutions are up to the task.
Step 5. Encrypt your data at different levels.
Next, be sure you're encrypting your data the right way. Encrypting disks, data at rest and data in motion is no longer sufficient. A different approach must be used for data encryption. Apply file- and application-level encryption. Require strong authentication and put granular controls on your sensitive documents. Then make sure that the security policies defined in your repositories extend beyond those repositories, so that you aren't left with the challenge of losing control when data is pulled out and localized. When done properly, this tactic will stop many threats.
Step 6. Continue to monitor and review your risk.
Make sure that you audit document use: who is accessing your sensitive data and what they are doing with it. If user behavior is beyond the norm, or an unauthorized user attempts to perform an action against an established path, this auditing will provide you with the means to detect it and act appropriately.
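As an illustration of Steps 1 and 2, the sketch below (an added example, not part of the original article) defines a small classification schema and crawls a directory tree to report where classified data resides. The labels, risk ranks, marking phrases and file names are assumptions chosen for the example; card numbers are confirmed with the Luhn checksum so that ordinary long digit runs are not reported as PCI data.

```python
import os
import re
import tempfile

# Candidate card numbers: 13-19 digits, optionally split by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits):
    """Luhn checksum; discards digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def has_pan(text):
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in PAN_RE.finditer(text))

def has_marking(text):
    return re.search(r"(?i)\b(trade secret|company confidential)\b", text) is not None

# Hypothetical classification schema (Step 1): label -> (risk rank, detector).
SCHEMA = {"PCI": (3, has_pan), "CONFIDENTIAL": (2, has_marking)}

def classify(text):
    """Return matching labels, highest risk first."""
    hits = [label for label, (_, detect) in SCHEMA.items() if detect(text)]
    return sorted(hits, key=lambda label: -SCHEMA[label][0])

def discover(root, max_bytes=1_000_000):
    """Step 2: walk every file under root and report where classified data lives."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    labels = classify(fh.read(max_bytes))
            except OSError:
                continue  # unreadable file: skip rather than abort the crawl
            if labels:
                findings[os.path.relpath(path, root)] = labels
    return findings

if __name__ == "__main__":
    # Constructed sample file; 4111 1111 1111 1111 is a standard test card number.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "orders.csv"), "w") as fh:
            fh.write("id,card\n1234567890123456,4111 1111 1111 1111\n")
        print(discover(root))
```

The same `discover` output can feed Step 3: each reported path is a location whose access rights and usage need to be reviewed.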
While the above steps provide guidance, organizations may want to incorporate them into a more complete security plan. Study and understand what data is most sensitive, and defend it in a persistent manner using data-centric security to complement the other layers of perimeter-based security already in place. Threat actors systematically target the most sensitive data: they are after only the information that will cause the most damage.