As chief security officers (CSOs), you know that keeping data secure is a critical component of your job. My colleague CJ Radford recently summed up our role as follows: when data is inside your four walls, you put trust in your own employees, the infrastructure and security solutions that you select, and the policies that you create to secure it. What happens when that data falls outside of the walls or you can’t take full ownership of your data? This is where the CSO comes in.
Here are some ways that CSOs can be data security heroes:
Simplify the Infrastructure:
Leveraging tools like cloud and platforms as a service (PaaS) is becoming more common amongst enterprises. For example, when loading analytics into Azure or Amazon and allowing that application to produce the analytics, you are able to scale data and information without exposing the infrastructure holding the data.
However, the issue with using third-party platforms is that you’re often relying on other people’s computing and infrastructure, which may not always be secure. Imagine if a third party placed your data into their own platform, giving you no control. Scary, isn’t it? Working with a variety of organizations at Vormetric, we tend to hear this as a top challenge.
What can CSOs do to alleviate this challenge? By simplifying your solution, you’ll simplify your problem. Using 20 different products means working with 20 different vendors and teams of people that only know how to work with certain products. As a result, baking security within one’s own platform or infrastructure tends to be the best approach.
Be the savior of your IP:
Network and identity controls help protect infrastructure, but they are not the whole job: you also need to determine the importance of your IP. The architecture that houses and manages the data is a recommended place to start. When examining data, it’s important to observe from the inside out, not the outside in. Find your own secret sauce and the data that is deemed the “crown jewels” of your organization. This creates a value add not only for the CSO, but for the entire company.
Evaluate your Data:
In order for the CSO to be the knight in shining armor, remember the three-tiered evaluation approach:
- Understand: Understand what your IP is and educate yourself. It is also important to identify the data that should be considered the “crown jewels” for your organization.
- Classify: Determine where your data resides and how it communicates with the existing infrastructure.
- Protect: Here at Vormetric, we can’t stress this enough. Look at ways to protect data. Whether encryption, tokenization or other methods of data security, you can’t cover your bases with a sole reliance on compliance.
In all situations (whether or not you are the CSO), organizations should consider the use cases and interaction of data. Does your data interact with third-party applications? Who has access? If you want to know if your data is safe, you have to watch insiders with legitimate access and look for unauthorized access attempts. Watching for changes in the amount and type of data being accessed by individual users at any given time can be essential to spotting an insider turned rogue or determining whether their credentials have been hijacked by cyber-criminals. This is a good way to measure how an organization stacks up against potential threats. Remember, the better you understand your data, the more secure your data will remain!
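The per-user monitoring described above, as a short sketch. This is an added example, not code from the original post or from any Vormetric product; the record layout, the thresholds and the sample records are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed access records: (day, user, data_class, bytes_read).
RECORDS = [
    ("d1", "alice", "crm", 100_000), ("d1", "bob", "hr", 40_000),
    ("d2", "alice", "crm", 120_000), ("d2", "bob", "hr", 50_000),
    ("d3", "alice", "crm", 110_000), ("d3", "bob", "hr", 45_000),
    ("d4", "alice", "crm", 115_000), ("d4", "bob", "hr", 48_000),
    ("d4", "bob", "source_code", 2_000),   # new data type for bob
    ("d5", "alice", "crm", 900_000),       # volume spike for alice
    ("d5", "bob", "hr", 47_000),
]
BASELINE_DAYS = {"d1", "d2", "d3"}  # assumed "known normal" period

def per_user_days(records):
    """Return {user: {day: [total_bytes, set_of_data_classes]}}."""
    out = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for day, user, data_class, nbytes in records:
        entry = out[user][day]
        entry[0] += nbytes
        entry[1].add(data_class)
    return out

def find_anomalies(records, baseline_days, z_max=3.0, min_sigma=0.1):
    """Flag days where a user's volume or data types depart from baseline."""
    alerts = []
    for user, days in sorted(per_user_days(records).items()):
        base = [v for d, v in days.items() if d in baseline_days]
        if len(base) < 2:
            continue  # not enough history to judge this user
        volumes = [b[0] for b in base]
        mu = mean(volumes)
        # Floor sigma so a very steady user does not alert on tiny changes.
        sigma = max(pstdev(volumes), min_sigma * mu)
        known = set().union(*(b[1] for b in base))
        for day in sorted(d for d in days if d not in baseline_days):
            total, classes = days[day]
            if (total - mu) / sigma > z_max:
                alerts.append((day, user, "volume", total))
            for data_class in sorted(classes - known):
                alerts.append((day, user, "new_data_type", data_class))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(RECORDS, BASELINE_DAYS):
        print(alert)
```

Each user is compared only against their own history, so a heavy but consistent user does not alert while a small read of a data type they have never touched does.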
Questions? Tweet to me @solcates.