Thales Blog

Reducing The Risk Of Data Breaches For U.S. Federal Organizations

August 4, 2016

Einstein’s definition of insanity is doing the same thing over and over again and expecting different results. And if Einstein said it, it must be true, right? Using this definition, I would argue that many IT security professionals at U.S. federal organizations suffer from cyber insanity – and here’s why…

According to Gartner, the worldwide cybersecurity market topped $75 billion in 2015 and is expected to increase to $170 billion by 2020. Of the billions spent annually on information security products, the vast majority goes to legacy security technologies like firewalls, antivirus and intrusion prevention.

While traditional perimeter defenses are valuable components of a layered security approach, they cannot prevent data breaches or keep data safe once attackers have compromised networks and systems. And yet, time after time, breach after breach, federal organizations continue investing in these traditional perimeter solutions. If we subscribe to Einstein’s definition, I think that constitutes insanity.

In fact, 60% of respondents to our recent U.S. federal edition of the 2016 Vormetric Data Threat Report (DTR) believe network defenses are ‘very’ effective at safeguarding data. Data-at-rest defenses, which can protect data after such network defenses have failed, were ranked last in terms of U.S. federal spending plans, with just 37% planning to increase their spending on data-at-rest defenses. 451 Research’s Garrett Bekker put it best: “federal IT security professionals are like generals fighting today’s wars with the weapons of yesterday.”

In order for federal organizations to bolster their defenses and move towards data-centric approaches to cybersecurity, I recommend the following data security best practices:

  1. Secure both unstructured data and structured data within applications. Implementing data security technology, such as encryption, for both unstructured and structured data is a critical step in keeping organizations protected. For more on this approach, listen to our recent podcast on taking a structured approach to your structured and unstructured data.
  2. Guard against insider threats by implementing role-based access control policies. The insider threat landscape is becoming increasingly difficult to deal with as insiders move beyond employees who have access to corporate data. Add to the mix business partners, suppliers, contractors and third-party service providers who have access to your network or cloud resources – suddenly security requires a completely different formula. Unless proper control systems are put in place, these third parties often have the ability to steal unprotected data from corporate networks. Organizations should look for a solution that enables straightforward policy management for access to sensitive data.
  3. Encrypt cloud data and keep the keys. Everyone is running fast and furious to the cloud. However, as federal agencies move away from maintaining on-premise systems, it is critical that data stored in the cloud is encrypted with key management controlled by the agency, not the public cloud entity.
  4. Data should be encrypted both “at rest” and “in motion.” Whether in motion or at rest, data should never be available to system administrators in unencrypted form, and users should only have access to the data they need – not the entire database.

It’s clear that many federal organizations are struggling to find the appropriate strategies and technologies to secure their sensitive data, but one question remains: why? One possible answer is that some organizations don’t fix issues until after a breach occurs, which leaves any unencrypted data vulnerable to compromise. Many organizations also perceive data-centric solutions as simply too costly or too hard to deploy.

Sound familiar? To learn more about the simplicity of the Vormetric Data Security Platform, as well as how you can reduce the risk of a data breach for your organization, check out our recent webcast with SC Magazine, archived here. Feel free to also leave a comment below or tweet me at @Wayne42675.