For years, network security has been focused on keeping the bad guys out. Nearly all of the most common security solutions are focused on perimeter defense: antivirus protection and firewalls have largely protected corporate networks, which have mostly been housed in bricks-and-mortar onsite data centers. IT security has been geared toward identifying and containing suspicious activity and preventing unauthorized access to the data.
The problem is that the traditional in-house data center is no longer the norm, and the “perimeter” as we once knew it no longer exists. Data is stored in the cloud, employees use their mobile devices to access secure applications and data, and trends like telecommuting, geographically diverse teams, and Web mail have all but dissolved the network perimeter. Because the boundaries are so blurry, and cyber criminals become more sophisticated every day, some experts predict that it’s not a matter of whether an enterprise will experience a breach, but when the breach will occur.
While protecting networks via traditional methods, including intrusion detection and prevention and restricted access, will always be a part of a complete security protocol, it’s time that enterprise security solutions pay more attention to what is being protected: the data.
Data Security Should Not Be an Afterthought
While protecting the actual data is vital, many organizations struggle to do so adequately. The first hurdle is identifying which data is “sensitive” and needs to be protected. In some cases, the parameters are easily defined: Organizations working with financial and/or protected health information have a legal obligation to take every precaution to protect the data. Other organizations have less clear-cut definitions.
Another common barrier to data protection is the availability of a solution that provides adequate protection in an environment that is constantly changing. There are a number of options for protecting data that range in complexity, and many organizations choose the easiest or least expensive option without fully considering the type of data they are protecting. Finally, the expansion of the perimeter itself is a barrier to protection. When data is being accessed, transmitted, and stored across platforms and on a constant basis, how does a company monitor and identify threats and protect the data from theft?
Despite these concerns, data protection cannot be an afterthought. Fortunately, there are a number of methods for protecting data that, when combined with perimeter protection, will reduce the likelihood of a costly breach.
Data Protection Methods
Data protection methods vary widely, and many enterprises use several methods.
Encryption. Encrypting data to render it useless to prying eyes is an effective means of securing it. Encrypting data during transmission is important, but it’s also important to encrypt data while it’s at rest in a data center or in the cloud.
Hardware-Based Security. This security solution uses physical-access restrictions to protect data stored on a specific device; without the access credentials and token or biometric readings, access is denied. Some consider this type of data protection to be among the most secure, because without physical access to the hardware, it’s impossible to access the data.
Masking. Masking protects data by disguising or redacting certain information from stored data. This is useful when displaying information to users after they log in; for example, showing only the last four digits of an account number.
Erasure. Finally, erasing data permanently protects it from unauthorized access. If you are reusing or recycling hardware, erasing data is important to prevent an unintentional breach.
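The masking behaviour described above (showing only the last four digits of an account number), as an added Python example that is not part of the original article. The function names, the record layout and the rule that numbers with fewer than eight digits are hidden entirely are assumptions made for illustration.

```python
import re

MASK_CHAR = "*"
VISIBLE_DIGITS = 4  # the "last four digits" from the text
MIN_HIDDEN = 4      # assumption: if fewer digits than this would be hidden, hide all


def mask_account_number(value: str) -> str:
    """Return a display-safe form in which only the last four digits stay visible.

    Spaces and dashes keep their positions so the layout stays familiar.
    """
    if not re.fullmatch(r"[0-9 \-]+", value):
        raise ValueError("account number may contain only digits, spaces and dashes")
    total = sum(ch.isdigit() for ch in value)
    if total == 0:
        raise ValueError("account number contains no digits")
    # Short numbers: four visible digits would reveal too large a share, so hide all.
    visible = VISIBLE_DIGITS if total - VISIBLE_DIGITS >= MIN_HIDDEN else 0
    to_hide = total - visible
    out = []
    for ch in value:
        if ch.isdigit() and to_hide > 0:
            out.append(MASK_CHAR)
            to_hide -= 1
        else:
            out.append(ch)
    return "".join(out)


def mask_record(record: dict, sensitive_fields=("account_number",)) -> dict:
    """Build a masked copy of a record for display; the stored record is not modified."""
    return {
        key: mask_account_number(val) if key in sensitive_fields else val
        for key, val in record.items()
    }


if __name__ == "__main__":
    # Constructed sample record, not real data.
    stored = {"name": "A. Example", "account_number": "4000 1234 5678 9010"}
    print(mask_record(stored))
```
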
Which data protection method is best for your company depends on the type of data you’re protecting and how it is accessed. Regardless, you need to employ at least one form of data protection, or face the inevitable fallout from a data breach.