Today’s cybersecurity landscape is growing more complex as bad actors continue to increase their success at an exponential rate. Daily headlines of data breaches and ransomware have made it clear that malicious cyber hackers are targeting companies of all sizes and industries.
It’s no surprise that the 19th PwC Annual Global CEO Survey found that 61% of CEOs worry that cybersecurity issues will pose a threat to their company’s growth prospects. All companies, regardless of size and area of expertise, should treat cybersecurity as the difference between success and failure in the business world. The cost of failing to keep your enterprise data secure is steep – the average cost of a single data breach is now $4M according to the 2016 Ponemon Cost of Data Breach Study.
With benefits and risks on each side, enterprises must choose whether to store their sensitive data in the cloud or on premise. Cloud computing in the enterprise is steadily growing with 94% of companies expecting more than a quarter of their workloads to be in the cloud within two years, according to the Verizon State of the Market: Enterprise Cloud Report 2016.
By applying the following three foundational tenets, your organization can keep your sensitive data secure whether in the cloud or on premise:
Require authentication and authorization, for everything
Authentication and authorization need to be required as the basic framework for securing your enterprise data. Think of these processes as the first line of defense, making sure your data is only available to users who are supposed to have access.
Authentication ensures the user has the proper credentials to access the data or a network, such as requiring a username and password. Don’t stop there though – a recent SailPoint survey showed that 20% of employees are willing to sell their corporate passwords, with 44% of those willing to exchange the credentials for less than $1,000.
Next comes authorization – a process where the system determines if the user has the permission to access certain areas or to take a specific action. This type of identity and access management is critical to controlling who can access what data and what operations they can apply to that data.
Mandate an audit trail
If something in your network were to go awry, would you rather have to piece together obscure clues and symptoms or take a look at a detailed, chronological set of records covering every single operation, procedure and event - an audit trail? An internal security audit trail is essential to data security, providing documentary evidence of the sequence of events and actions.
The same way a bank utilizes security cameras to survey and record its vaults and cash registers, an IT security team should rely on this omniscient record to easily backtrack what happened in its network, reach a solution faster and ensure adherence to compliance programs.
Encrypt, encrypt, encrypt
Encryption is the process of transforming data in a way that an unauthorized individual cannot read it.
There is a plethora of data hacks and breaches that could have been prevented, or at least lessened, by encryption, including the Anthem medical data breach that exposed the private records of up to 70 million individuals, the TalkTalk hack that led to the potential theft of four million UK customers' details and the Office of Personnel Management (OPM) breach that exposed the personnel data of every single federal employee. Whether your data is in the cloud or on premise, the consequences of leaving your sensitive data unencrypted are high and not worth the risk.
However, encryption alone isn’t enough. Not only do security teams need to implement encryption, they also need to clearly define a key management process.
According to a 2015 survey on trust keys and certificates, more than half of security pros don’t know how to protect keys and certificates and their organizations don’t have a clear understanding or strategy for doing so. The key management process should cover how a key is generated, the key’s lifecycle, the circumstances in which a key is changed before the end of its lifecycle, and storage considerations.
Ensuring data security for your enterprise is a hefty responsibility and the job gets more complex daily with new technologies available to evolving cyber criminals. By leveraging authentication and authorization, an audit trail and data encryption, your enterprise will be three steps closer to preventing your enterprise’s data from being exposed.
(About the author: Mike Kail is co-founder and chief innovation officer of Cybric. Previously, Mike was Yahoo’s CIO and SVP of Infrastructure, where he led the IT and Data Center functions. He has more than 24 years of IT operations experience with a focus on highly-scalable architectures. Prior to joining Yahoo, Mike served as VP of IT Operations at Netflix and VP of IT Operations at Attensity. He has been widely recognized for his insightful industry commentary on social media, and was recently named by the Huffington Post as one of the “Top 100 Most Social CIOs on Twitter.”)