Tuesday, May 19, 2015

Jason Atchley : Data Security : Four Ways IT Teams and CIOs Can Improve the Security Status Quo

jason atchley

4 Ways IT Teams and CIOs Can Improve the Security Status Quo

By Perry Dickau
Few conversations are more stressful for IT pros and CIOs than the ones immediately following a data breach. The unauthorized exposure of customer or employee personally identifiable information (PII) or intellectual property/trade secrets is a worst-case scenario for most companies, so it’s only natural that proactive data protection is a priority. As the recent RSA Conference made clear, it’s no longer enough to enlist reactionary security strategies or focus solely on preventing hacks at the perimeter. Instead, your company must minimize threats by protecting data where it lives.
The only way to avoid that awkward post-breach conversation is to stop it from happening in the first place. Here are four important ways to start improving your data security landscape before a breach occurs.
Protect data at its core.
Data lives and moves within a layered ecosystem – from where it is stored, through networks, servers, applications, and firewalls – as it is managed and consumed throughout its lifecycle.  Does your team prioritize the application or firewall layers at the top of the IT stack when you’re developing security protocols? This strategy has been proven largely ineffective, so it’s time to make changes to the security status quo.
Securing the perimeter is an integral part of data protection, but this method alone is one-dimensional and outdated, and it can leave your business powerless against new threats. Eliminating the possible effects of a breach at the center of the IT stack is more effective, and it’s a more prudent use of time and money. Securing PII and other sensitive data where it’s created means that even if an outsider gains entry to your network, he won’t readily be able to steal information.
Don’t follow hackers’ leads.
It’s important to update security protocols as new threats emerge, but this can’t be the only weapon in your arsenal. Status quo security methods can only stop known threats, and playing catch-up to the evolving security landscape is a losing proposition for IT teams and CIOs. Instead, stay ahead of cybercriminals by creating a holistic approach that uses actionable insights to protect infrastructure on both the inside and outside.
Consider the security of your ecosystem, not just your IT.
The Ponemon Institute reports that 78 percent of data breaches are caused by employees saving information in a vulnerable domain or deleting critical files, while hackers are increasingly adroit at getting into corporate IT systems through other paths. For example, back-door approaches like exploiting unused accounts practically invite hackers to gain entry undetected.
Data-aware technology secures data as it’s created, increasing protection and eliminating threats. If your efforts are devoted to keeping threats out, your core ecosystem won’t be prepared to withstand a breach when one manages to get in. The companies that have suffered high-profile hacks in recent months are a major reminder that change is needed in the security industry, and it’s time to do something different in order to get – and stay – ahead of inbound threats.
Accept that you can’t stop a breach in its tracks.
This isn’t an easy thing for a company to accept. CIOs want to know their teams can identify issues as they occur and bring them to a halt instantly. Unfortunately, this isn’t a reality for anyone. Even detecting a breach or hack while it’s happening has proven difficult. Frequently, the only way to discover these issues is through monitoring event logs or after the subsequent fallout. Adopting a security protocol that improves data visualization can help you prevent data breaches before they take hold, which becomes far more valuable than trying to stop them as they occur.

No comments:

Post a Comment