Enterprises Must Formulate a Plan of Action Through Testing and Remediate Issues Before They Get Out of Control
Enterprise security used to be dependent on network boundaries. Data sat on tightly guarded systems in the data center, and the network was locked down at the perimeter, preventing anyone without authorization from worming their way in. From every access angle, the enterprise maintained tight control over their infrastructure, apps and data.
Digital transformation, self-service and the cloud certainly have changed this dynamic. Users with little IT or cybersecurity training are now responsible for IT systems that run newly automated business processes. At the same time, mission-critical workloads have migrated from static data center architectures to dynamic cloud architectures, even across multi-cloud environments, where the underlying infrastructure is owned, managed and secured by one or more third-party providers.
The result is that enterprises have lost much of the definition that made perimeter defenses possible. Hackers can probe cloud systems or target unsavvy users, looking for weak links that they can exploit. Once in, they can lie in wait for weeks, even months, searching for a chance to gain access to valuable information. Traditional perimeter defenses, while still a vital component of an enterprise security strategy, provide limited protection against attacks that originate inside the network. Enterprises need to rethink security to focus less on the perimeter and more on identifying anomalies in user and network behavior that may be indicators of an attack in progress.
In addition to these issues, the rollout of the General Data Protection Regulation (GDPR) in May is also forcing enterprises to rethink how they approach information security. It forces enterprises to take greater responsibility for the impact data breaches have on customers, employees and partners. Under the EU law, companies that suffer any breach of personally identifiable information (PII) are liable for fines of up to 4 percent of annual global revenue. While the public has largely borne the brunt of previous breaches, GDPR will force organizations to take greater financial responsibility for their protection of PII, since failure means a large hit to their bottom line.
Network visibility and network security testing are critical components of a persistent security strategy. Rather than try to defend against threats only at the perimeter like traditional security approaches, organizations need to be able to quickly identify threats and vulnerabilities inside the network, formulate a plan of action through testing and remediate issues before they get out of control.
Here are five steps enterprises can take to rethink their security strategies:
1. Assign roles specific to these new threats
One of the most important things an enterprise can do is assign specific roles to take on greater responsibility for data security. Rather than spreading responsibility across the IT department or giving an existing manager additional responsibility, putting a single person or team in charge ensures that a persistent security strategy will be given the attention it deserves.
2. Audit data and infrastructure immediately
This new role needs access to information to do the job properly, and this begins and ends with visibility inside the network. Enterprises need to know exactly what data they are dealing with, what policies need to be attached to each type of data, who has access to that data, and where workloads accessing critical data are running, whether in a private, public or multi-cloud environment. It is also important to document data capture methods for compliance. An initial audit, in addition to ongoing asset discovery, is essential to understanding security and compliance postures in real time. This enables the enterprise to identify what and where it may be vulnerable, so action can be taken to close those gaps.
3. Create baselines
Once the enterprise has a solid understanding of its data and who should have access, it needs to take steps to capture expected behaviors. Which roles within the organization should have access to which data, who should not have access, and how that access is granted or denied should all be recorded and turned into a baseline of expected behavior.
4. Monitor for abnormalities
Enterprises then need to monitor user and network behavior against these established baselines to identify deviations from expected behavior. A user downloading terabytes of data should set off red flags. A user with marketing credentials should not be accessing server logs. Critical development information should not be downloaded to an unknown offsite server. The enterprise must ensure that no such mechanisms are in place that would enable a breach.
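The three red flags above can be expressed as checks against a recorded baseline. The following is an added example, not code from the article: it runs constructed access events against a constructed role baseline (allowed resource classes per role, a per-user daily download budget and a set of known destinations, all assumed values) and reports each deviation.

```python
# Added example (not from the article): checking constructed access events
# against a role baseline of the kind described in steps 3 and 4.
from collections import defaultdict

# Constructed baseline (assumed values): resource classes each role may touch,
# a per-user daily download budget, and the destinations we know about.
BASELINE = {
    "allowed": {
        "marketing": {"crm", "campaign-assets"},
        "sre": {"server-logs", "metrics"},
        "developer": {"source", "build-artifacts"},
    },
    "daily_byte_limit": 50 * 1024**3,  # 50 GiB per user per day
    "known_destinations": {"corp-laptop", "build-server", "backup-vault"},
}

# Constructed sample events: (user, role, resource_class, bytes, destination)
EVENTS = [
    ("alice", "marketing", "crm", 2_000_000, "corp-laptop"),
    ("bob", "marketing", "server-logs", 5_000, "corp-laptop"),
    ("carol", "developer", "source", 30 * 1024**3, "corp-laptop"),
    ("carol", "developer", "source", 30 * 1024**3, "corp-laptop"),
    ("dave", "developer", "source", 800_000, "198.51.100.7"),
]


def detect_anomalies(events, baseline=BASELINE):
    """Return (user, reason) pairs for events that deviate from the baseline."""
    findings = []
    bytes_per_user = defaultdict(int)
    volume_flagged = set()  # report the volume breach once per user
    for user, role, resource, size, dest in events:
        # Role/resource mismatch: e.g. marketing credentials reading server logs.
        if resource not in baseline["allowed"].get(role, set()):
            findings.append((user, f"role {role} accessed {resource}"))
        # Volume: cumulative downloads crossing the daily budget.
        bytes_per_user[user] += size
        if bytes_per_user[user] > baseline["daily_byte_limit"] and user not in volume_flagged:
            volume_flagged.add(user)
            findings.append((user, "download volume exceeds daily baseline"))
        # Destination: data leaving for a host not in the known set.
        if dest not in baseline["known_destinations"]:
            findings.append((user, f"transfer to unknown destination {dest}"))
    return findings


if __name__ == "__main__":
    for user, reason in detect_anomalies(EVENTS):
        print(f"ALERT {user}: {reason}")
```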
5. Ensure security data is also secured
Lastly, enterprise security teams need to get their own houses in order. PII, included in everything from logs to personnel data, needs to be secured through masking technologies. Information such as Social Security or credit card numbers can be routed into masking appliances and inked or x'ed out. That way, the team in charge of security is not the weak link.
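As an added illustration of the masking step, and not code from the article or any particular masking appliance, the function below x's out Social Security numbers and card numbers in constructed log lines before they are stored. Card candidates are validated with the Luhn checksum so that ordinary numeric IDs are left readable, and the last four card digits are kept for correlation.

```python
# Added example (not from the article): masking SSNs and Luhn-valid card
# numbers in constructed log lines before they reach the security team's stores.
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; used to avoid masking ordinary numbers such as order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(match: re.Match) -> str:
    raw = match.group(0)
    digits = re.sub(r"[ -]", "", raw)
    if not luhn_ok(digits):
        return raw  # not a card number; leave it alone
    # Keep the last four digits so the record stays useful for correlation.
    return "X" * (len(digits) - 4) + digits[-4:]


def mask_line(line: str) -> str:
    """X out SSNs fully and card numbers down to their last four digits."""
    line = SSN_RE.sub("XXX-XX-XXXX", line)
    return CARD_RE.sub(mask_card, line)


# Constructed sample log lines (the card number is a well-known test value)
SAMPLE_LOGS = [
    "2018-05-25 10:01:03 payment ok card=4111 1111 1111 1111 user=jdoe",
    "2018-05-25 10:02:17 hr-export ssn=123-45-6789 emp=44120",
    "2018-05-25 10:03:40 order id=1234567890123 status=shipped",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        print(mask_line(raw))
```

The third sample line is left untouched: the 13-digit order ID fails the Luhn check, which is what keeps the masking from destroying non-PII fields the team still needs.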
The world of business is changing, and enterprise security needs to keep pace. Emerging regulations are making companies take more responsibility for PII, including the financial repercussions of a breach. It is critical that enterprises assign specific roles to meet these new challenges, get a better understanding of their current security state, understand expected behavior, monitor for abnormal behavior and deploy masking technologies to ensure PII is always protected.