A bit over a week ago some of our senior executives were in New York for a CSO summit. Our own CSO (Sol Cates) and CEO (Alan Kessler) were among those attending. One observation from the summit - this year’s sad (and still growing) total of data breaches is causing people to pause and reflect about how their security dollars are being spent, and how they could be used more effectively.
A twin set of drivers for this reappraisal includes more sophisticated threats, and the need to make use of cloud and SaaS applications for business efficiency and agility. And this needs to be done now to stem this continuing parade of lost data, reputation and confidence. The fewer organizations that end up like Home Depot – who had purchased software to safeguard POS transactions, but had not completed the rollout before they were breached at those POS systems – the better.
Our Insider Threat report released earlier this year also showed that organizations are investing to offset the latest set of threats. The report focuses on both traditional insiders as well as the effects of compromised user and administrative accounts (used in the majority of high profile breaches this year). 66% of organizations surveyed are increasing spend to offset these threats.
But where does that investment need to go? And what will provide the best returns on the investment made? Let's take a look at this through the lens of those two key drivers for the answers:
Driver 1 - Offsetting increasingly sophisticated threats
It’s time now to realize that protection for sensitive data needs to focus on the fact that networks and systems can and will be penetrated by these increasingly sophisticated attacks, and then architect applications and infrastructure with that in mind. It’s not a matter of “whether” organizations will be penetrated, but “when”.
There are security controls that can help to slow down these attacks, prevent them from getting to data with many of their favorite methods, and catch them earlier to minimize the damage. These defenses fall into a few categories – and are more effective than traditional firewalls, AV, IPS/IDS and DLP at stopping these threats. It’s not that these traditional defenses aren’t needed, but the focus needs to shift toward the data.
- Data-centric security tools – Encryption, access controls, tokenization, data-masking and data access monitoring combined with access pattern analysis from SIEM or Big Data for Security implementations dramatically reduce the attack surface available. Privileged users (a primary target account to compromise) can’t access data, and can be identified as potentially compromised when they attempt to do so inappropriately. In effect, only those with a “need to know” have access, and their patterns of access can be monitored to identify unusual behavior that may indicate an attack in progress.
- Strong multi-factor authentication methods – One of two techniques that radically slow (but do not stop) penetrations, since a login and password alone are not enough; an additional factor is required as well. Good examples include access verified with a secure token, access only from an authorized device or a specific IP address, and a one-time passcode sent to a phone.
- Granular network segmentation – Lateral movement can also be slowed by using smaller subnets, forcing attackers to negotiate firewalls between segments and capture appropriate credentials as they go.
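The first bullet above turns on one idea: learn what each account normally touches, and when, then flag deviations, with privileged accounts escalated. The Go program below is an added illustration of that access-pattern analysis, not code from Vormetric or any SIEM product. The log format, the account names and all the records are constructed for the example; a real deployment would feed the same logic from its SIEM or data-access monitoring stream.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// AccessEvent is one parsed data-access record (hypothetical log format).
type AccessEvent struct {
	Hour     int // hour of day, 0-23
	User     string
	Role     string // "admin" marks a privileged account
	Resource string
	Action   string
}

// Constructed sample records for this example, not output of any real product.
// Record format: HH:MM user role resource action
var BaselineLog = []string{
	"09:12 dbadmin admin hr_payroll.db backup",
	"10:05 dbadmin admin hr_payroll.db backup",
	"11:40 dbadmin admin orders.db backup",
	"09:30 jsmith analyst orders.db read",
	"14:15 jsmith analyst orders.db read",
	"15:50 jsmith analyst sales_report.csv read",
}

var LiveLog = []string{
	"10:20 dbadmin admin orders.db backup",       // matches baseline
	"02:45 dbadmin admin hr_payroll.db read",     // privileged account far outside its usual hours
	"11:05 dbadmin admin customer_cards.db read", // privileged account touching data it never used before
	"14:30 jsmith analyst orders.db read",        // matches baseline
	"23:10 jsmith analyst sales_report.csv read", // ordinary user outside usual hours
}

// Profile is what the baseline window taught us about one account.
type Profile struct {
	Resources map[string]bool // resources the account normally touches
	Hours     map[int]bool    // hours of day the account is normally active
}

// Alert is one detection; Severity is "high" when the account is privileged.
type Alert struct{ Severity, User, Reason string }

// ParseLine splits one record; malformed records are reported, not silently dropped.
func ParseLine(line string) (AccessEvent, error) {
	f := strings.Fields(line)
	if len(f) != 5 {
		return AccessEvent{}, fmt.Errorf("malformed record: %q", line)
	}
	hour, err := strconv.Atoi(strings.SplitN(f[0], ":", 2)[0])
	if err != nil || hour < 0 || hour > 23 {
		return AccessEvent{}, fmt.Errorf("bad timestamp in %q", line)
	}
	return AccessEvent{Hour: hour, User: f[1], Role: f[2], Resource: f[3], Action: f[4]}, nil
}

// BuildBaseline learns, per account, the resources and hours seen in a known-good window.
func BuildBaseline(lines []string) map[string]*Profile {
	profiles := map[string]*Profile{}
	for _, l := range lines {
		ev, err := ParseLine(l)
		if err != nil {
			continue // a baseline is built from clean records only
		}
		p, ok := profiles[ev.User]
		if !ok {
			p = &Profile{Resources: map[string]bool{}, Hours: map[int]bool{}}
			profiles[ev.User] = p
		}
		p.Resources[ev.Resource] = true
		p.Hours[ev.Hour] = true
	}
	return profiles
}

// nearUsualHour tolerates one hour of drift either side of any baseline hour.
func nearUsualHour(p *Profile, hour int) bool {
	return p.Hours[(hour+23)%24] || p.Hours[hour] || p.Hours[(hour+1)%24]
}

// DetectAnomalies flags first-time resource access and off-hours activity,
// escalating to "high" when the account is privileged.
func DetectAnomalies(baseline map[string]*Profile, lines []string) []Alert {
	var alerts []Alert
	for _, l := range lines {
		ev, err := ParseLine(l)
		if err != nil {
			alerts = append(alerts, Alert{"low", "-", err.Error()})
			continue
		}
		sev := "medium"
		if ev.Role == "admin" {
			sev = "high"
		}
		p, known := baseline[ev.User]
		if !known {
			alerts = append(alerts, Alert{sev, ev.User, "account has no baseline"})
			continue
		}
		if !p.Resources[ev.Resource] {
			alerts = append(alerts, Alert{sev, ev.User, "first access to " + ev.Resource})
		}
		if !nearUsualHour(p, ev.Hour) {
			alerts = append(alerts, Alert{sev, ev.User, fmt.Sprintf("activity at %02d:00 outside usual hours", ev.Hour)})
		}
	}
	return alerts
}

func main() {
	for _, a := range DetectAnomalies(BuildBaseline(BaselineLog), LiveLog) {
		fmt.Printf("[%s] %s: %s\n", a.Severity, a.User, a.Reason)
	}
}
```

Run as written, the program raises two high-severity alerts for the privileged `dbadmin` account (off-hours activity, then a first-ever read of `customer_cards.db`) and one medium alert for `jsmith`, while the two routine accesses stay quiet. That is the "need to know" pattern from the bullet: the baseline defines what each account legitimately touches, and deviations by privileged accounts are the ones worth paging on.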
Driver 2 - Enabling the use of cloud and SaaS resources for business advantage
In this case, the enterprise perimeter is no longer in place (or can be considered to have been expanded beyond its traditional border), and there are additional risks driven by the nature of the cloud environment (Driver #1 still applies, but with more privileged user roles available for compromise).
At the same time, enterprises are driven to use cloud/SaaS resources because of the cost efficiency and business flexibility that they bring – basic advantages that can help drive enterprise profits and new offerings. But to make this jump, strong data protection is required as a basic enabler, not a cost. Putting in place appropriate security controls enables an enterprise to take advantage of these offerings when they otherwise could not.
Implementation, though, has to take a slightly different focus from that used within a traditional enterprise. In addition to the controls in Driver 1 above, implementations need to ensure that only the enterprise has access to their sensitive data in the cloud. This is easiest for Infrastructure as a Service (IaaS) environments – for example, a solution like Vormetric's can enable an enterprise to control their encryption keys locally within their corporate environment, effectively preventing access to data from the cloud environment even if it is compromised, and eliminating it as a risk.
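The property described above, that a compromised cloud environment holds everything except the key needed to read the data, is easiest to see in code. The Go program below is an added example of the envelope-encryption pattern that makes it work; it is not Vormetric's code and does not use any vendor API. The `OnPremKeyManager` type is a stand-in for a key manager running inside the corporate environment, the record contents are constructed, and the only cryptography used is AES-256-GCM from Go's standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// CloudObject is everything the IaaS provider ends up holding for one record:
// the ciphertext plus the data key, itself encrypted under a key the cloud never sees.
type CloudObject struct {
	Ciphertext []byte
	WrappedDEK []byte
}

// OnPremKeyManager stands in for a key manager inside the corporate environment
// (hypothetical, not any vendor's API). Only it ever holds the key-encryption key.
type OnPremKeyManager struct{ kek []byte }

func NewOnPremKeyManager() (*OnPremKeyManager, error) {
	kek := make([]byte, 32)
	if _, err := rand.Read(kek); err != nil {
		return nil, err
	}
	return &OnPremKeyManager{kek: kek}, nil
}

// seal encrypts with AES-256-GCM; the random nonce is prepended to the output.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; GCM authentication fails for a wrong key or tampered data.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// EncryptForCloud runs on-premises: a fresh DEK per record, the record sealed under
// the DEK, the DEK sealed under the KEK. Only the two sealed blobs leave the enterprise.
func EncryptForCloud(km *OnPremKeyManager, plaintext []byte) (CloudObject, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return CloudObject{}, err
	}
	ct, err := seal(dek, plaintext)
	if err != nil {
		return CloudObject{}, err
	}
	wrapped, err := seal(km.kek, dek)
	if err != nil {
		return CloudObject{}, err
	}
	return CloudObject{Ciphertext: ct, WrappedDEK: wrapped}, nil
}

// DecryptFromCloud also runs on-premises, where the KEK is available.
func DecryptFromCloud(km *OnPremKeyManager, obj CloudObject) ([]byte, error) {
	dek, err := open(km.kek, obj.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, obj.Ciphertext)
}

// CloudSideRecovery models a compromised cloud environment: it holds the stored
// object and whatever key material exists in the cloud, but not the on-prem KEK.
func CloudSideRecovery(obj CloudObject, cloudHeldKey []byte) ([]byte, error) {
	dek, err := open(cloudHeldKey, obj.WrappedDEK)
	if err != nil {
		return nil, errors.New("DEK cannot be unwrapped without the on-prem KEK")
	}
	return open(dek, obj.Ciphertext)
}

func main() {
	km, _ := NewOnPremKeyManager()
	obj, _ := EncryptForCloud(km, []byte("employee=jsmith;salary=SAMPLE-VALUE")) // constructed record
	pt, _ := DecryptFromCloud(km, obj)
	fmt.Printf("on-prem decrypt: %s\n", pt)
	_, err := CloudSideRecovery(obj, make([]byte, 32))
	fmt.Println("cloud-side recovery:", err)
}
```

The point to take from the `CloudSideRecovery` call is that the cloud side fails at the unwrap step, not merely at the final decrypt: without the KEK the per-record DEK never materialises, so a full copy of the cloud tenant (storage, snapshots, memory of the storage nodes) yields only ciphertext. The design also means revoking access to all cloud data is a local operation (stop answering unwrap requests), which is the "eliminating it as a risk" part of the paragraph.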
If organizations take steps now to reprioritize spend to areas where it matters most, the ROI can be distinctly positive. It can enable them to save money with cloud and SaaS applications that wouldn't otherwise be available, and greatly reduce the risk of breaches of sensitive data from their organization, no matter where it resides.