Every complete story contains the five "Ws" — the who, what, when, where and why. The very best stories, however, also include the "how." This is because knowing how something occurred is incredibly instructive, not just for those trying to replicate the feat, but also for those trying to ensure that something like that never happens again. I see some interesting parallels in the data security sphere that I'd like to share, because the only way for organizations to thwart would-be cyber attackers is to take a "defense in depth" security approach that shows them the whole story.
The world has changed enormously in the last 12-24 months and data is clearly the new currency. Your customers' personal information, your financial data and your intellectual property all have value, and that means you must vigorously protect that data, irrespective of whether it resides in your data center or in the cloud. To do that, you must not only put in place technology solutions that protect data as close to the source as possible, but also implement policies and processes that will enable you to answer these five "Ws" as well as the "H":
- Who is trying to access my sensitive data?
- What exactly are they trying to access?
- When are they trying to get at it?
- Where does all my sensitive data reside, and from where is the user trying to access it?
- Why are they trying to access it?
- How are they trying to get in (which application, which process, which phishing tactic)?
One large financial services customer of ours gets the "complete story" by tightly integrating data loss prevention (DLP) technology with advanced encryption, centralized key management, security intelligence, and rich auditing capabilities that provide timely reports/alerts to serve both compliance and surveillance purposes. That customer uses DLP to find out what sensitive data exists and where it lives. They then use Vormetric Data Firewall so that it is only accessible to those with a clear "need to know," based on Vormetric policy requiring the data owners to remediate (claim and check out the data) when they want to access it.
Rich audit information tells our customers who is accessing what specific data, and when. DLP technology identifies the sensitive data and where it lives. The why and how come from the security intelligence we help customers continuously gather; it helps them further refine their policies and processes so they can remain one step ahead of whatever bad guys want to access and steal their data.
With today's increasingly sophisticated and patient cyber attackers, it is incumbent on enterprises, government organizations and cloud service providers alike to take the actions necessary to understand the whole story around their sensitive data. In fact, getting the whole story is the only way anyone can hope to thwart both insider threats and external threats like Advanced Persistent Threats (APTs) over the long term. How does your organization go about getting the whole story?