User identity and access management: New data security perimeters

The types of control security personnel can maintain over their data centers are changing. As more companies embrace cloud and mobile infrastructures, which require IT teams to relinquish some level of control, security pros are tightening their grip on the areas they can fully manage and protect – for example, sensitive data and user identity.

Jon Oltsik, principal analyst at Enterprise Strategy Group, recently addressed this shift in a Network World article, “Data and Identity: Two New Security Perimeters.” In it, he writes: “Data security and identity and access management (IAM) are rapidly becoming new security perimeters.”

Here’s why: in 2015 alone, there were 781 data breaches, according to a recent report by the Identity Theft Resource Center. A few of those incidents are now paving the way for how we plan for future attacks. In 2016, virtual machines and IT infrastructure are getting smarter, but so are data thieves. By implementing monitoring tools and classifying sensitive data, an organization can lower its risk of a data breach.

You already know your company probably can’t prevent a motivated attacker from gaining access to your systems. However, there’s a lot you can do to prevent a breach from happening and to recover your sensitive data safely. Oltsik highlights various ways enterprises are updating their security strategies, and what they’re learning in the process:

  • Data classification: CISOs are focused on classifying sensitive data and everything that comes with it – where it lives, who accesses it, and just how protected the file may be.
  • Security controls: Companies are testing approaches with converged infrastructure, micro-segmentation and end-to-end data encryption in order to increase control over the data itself and the systems that house sensitive information.
  • Encryption key management: Holistic key management architectures are taking the place of tactical management systems, as CISOs work to reduce risks and operational costs.
  • Continuous monitoring: The more you can turn your eyes and ears toward your sensitive data, the more you can identify where it lives and adequately protect it.

One of a CISO’s most critical tasks is preparing her company to face a worst-case scenario. As new infrastructures change the traditional rules surrounding security controls, teams can compensate with new technologies that prioritize data visibility and full-system awareness about risks and threats.

To manage sensitive data, avoid three common mistakes.

Andrew Hay


With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.