Digitisation has disrupted business models and has created a densely interconnected enterprise landscape. The current pandemic situation has further accelerated its pace of adoption by enterprises. We are living in an economy that is fueled by and based on data.
A data-centric threat landscape
Corporate data is increasingly stored and processed outside the traditional boundaries of the enterprise, in multiple cloud platforms, altering the threat landscape. As I noted in a recent blog I wrote for ISACA, ransomware attacks have been on the rise, resulting in data extortion threats and IT system compromises. The shared responsibility model of cloud security dictates that it is the organisation’s responsibility to protect the data entrusted by customers from both cyberthreats and insider abuse.
To mitigate these data security challenges, enterprises are relying on many so-called "silver-bullet" solutions, but these have only managed to make data security more complex and costly.
Enterprises historically have rolled out too many single-purpose data encryption tools. These tools can only protect specific types of data, systems or environments. This silo-based approach creates security gaps and operational complexity, leading to inefficiencies and escalating costs.
As organisations adopt multi-cloud strategies, it becomes very important to have a unified solution for protecting the data across multiple cloud environments as well as on-premises.
Why is data security so complex?
Today data flows everywhere in the enterprise. First, you’ll need to protect your sensitive data, regardless of where it flows or resides. Managing the lifecycle of data across the enterprise sounds very complex.
To simplify, all we have to do is control what data is accessible by whom, and to what. Determine where your most sensitive assets are located across your on-premises, cloud, and virtual environments. Search your file servers, applications, databases, and virtual machines for data at rest that must be protected.
Businesses already implement identity and access management (IAM) controls and access security policies to determine how to protect systems and data.
A vast amount of data security complexity arises because many tools cannot reliably enforce those access controls and policies. The Verizon 2021 Data Breach Investigations Report highlights that controlling access to sensitive information is the best practice for mitigating threats to data. These controls include:
- Inventorying and classifying all data
- Encrypting sensitive data
- Limiting access to sensitive data to authorized people and machines
Another factor that contributes to increased friction is vendor lock-in. Many organisations are opting for security tools developed by cloud providers. Although these solutions integrate smoothly with the native cloud platform, they fail to provide interoperability across multiple cloud environments. As a result, enterprises relying on multi-cloud strategies end up with a variety of data protection tools, which create more operational complexity, more configuration errors, and more security gaps.
How can we simplify data security?
We can remove this unnecessary and dangerous friction by implementing robust identity verification and access control for our data, preventing cybercriminals from impersonating the identity of machines and users. As a second step, we must ensure that no one can violate these access controls to our data, even if they have gained physical access to our networks. To achieve this, there has to be a fundamental shift in how we approach cybersecurity: considering data as the new perimeter and securing the data itself from the time it enters an organisation’s IT ecosystem.
The most robust way to secure data is to encrypt it and decrypt it only when an authorized entity (person or machine) requests access and their identity is verified. Data generally has two states: at rest in storage, and in transit across a network. Encrypting data everywhere, at rest and in motion, makes data security pervasive within the organization. This is crucial.
Thales is your ally in data protection
Thales offers an extensive portfolio of vendor-neutral data security solutions that allow your organisation to simplify data protection across multiple cloud platforms.
SafeNet Trusted Access helps you centralize access management and authentication, reduce costs and avoid IT vendor lock-in for access to cloud and hybrid environments.
CipherTrust Data Discovery and Classification efficiently identifies structured as well as unstructured sensitive data on-premises and in the cloud.
CipherTrust Transparent Encryption delivers data-at-rest encryption with centralized key management, privileged user access control and detailed data access audit logging, protecting data wherever it resides: on-premises, across multiple clouds, and within big data and container environments.
CipherTrust High Speed Encryption is a single platform to encrypt everywhere, from network traffic between data centers and the headquarters to backup and disaster recovery sites, whether on premises or in the cloud.