When it comes to sensitive data, go with zero-trust security
Not all data is created equal. That should be one of the main tenets of every information security program. While security tools and services as a whole should aim to protect IT assets throughout the entire organization, clearly some information that organizations hold is more valuable, strategic and sensitive than other information.
For example, data about a company’s products, sales or executives that is publicly available on the corporate website or social media would not be considered sensitive or especially strategic. But the details of a customer transaction, including personal information such as the client’s Social Security number, credit card number or annual income, would be. So would intellectual property that pertains to the company’s research and development efforts.
The challenge for many organizations is how to determine where all the sensitive data resides. Despite efforts at simplification, IT infrastructures at many companies have actually become more complex, with some data assets stored in data centers, some in the public cloud, some in private clouds, some on mobile devices, etc.
Without visibility into where sensitive and confidential data is stored, as well as who has access to the information, it is extremely difficult for companies to protect their information resources against data breaches.
Organizations need to consider adopting a zero-trust security model as a way to protect data and data access at every layer, from the network perimeter down to the various storage systems. Solutions are available that enable this by using analytics, in-depth pattern matching, and search and discovery to automatically analyze a company’s virtual infrastructure and identify where sensitive data is at risk of exposure.
Using dashboards, managers can quickly find misplaced data and inappropriate access to information, and monitor user activities and file updates on an ongoing basis. By automating key workflows, these tools simplify the discovery and ongoing analysis of sensitive data across an IT infrastructure.
The stakes are high, with the consequences of a data breach potentially including financial fines resulting from failure to comply with regulations; lawsuits by customers, employees or business partners; and lost revenue.
According to the “2016 Cost of a Data Breach Study” by the Ponemon Institute, the average consolidated total cost of a data breach is $4 million. The cost incurred for each lost or stolen record containing sensitive and confidential information increased from a consolidated average of $154 to $158. In addition to cost data, the report put the likelihood of a material data breach involving 10,000 lost or stolen records in the next 24 months at 26 percent.
To prepare the report, the institute collected detailed information about the financial consequences of a data breach, which it defined as an incident in which sensitive, protected or confidential data is lost or stolen and put at risk. Over a 10-month period, Ponemon researchers interviewed IT, compliance and information security practitioners representing 383 organizations in 12 countries.
But the risks go beyond financial considerations. Companies that fail to protect confidential data can also suffer damage to their reputations and even see an impact on their long-term viability.
Becoming data aware is the first step in protecting your sensitive data. Schedule a live demo to see how it’s done.