Current Filter: Network>>>>>Feature>

   

Evolving business trends have caused an explosion of endpoint devices as employees capitalise on new mobile technology in the work environment. However, employee convenience, mobility and business security rarely go hand in hand. Inevitably, the proliferation of endpoints is wreaking havoc amongst IT security teams who are tasked with protecting the business network: they simply can't keep up.

In March 2015, the Government Communication Headquarters (GCHQ) suggested that the best defence strategy was to strip employees of all such devices. However, a far more sensible approach is to turn the issue of data protection on its head. Many of the IT security teams struggling to keep up with new devices and the demands placed on the network share one common issue by taking a reactive approach to network and business security. In a modern, mobile business environment, stubbornly sticking to this approach leaves them on the back foot and playing catch-up.

A far more effective approach starts with a simple question: what do hackers want when they break into a vulnerable business network? In the majority of cases, the answer is the same - data - and it doesn't seem to matter if its personal information, credit card numbers, source code or trade secrets. With this in focus, rather than trying to keep up with every new endpoint vulnerability and security leak, it is better to focus on protecting what the criminals want.

A data-aware approach applies endpoint protection at the kernel level of the operating system, which provides complete visibility to all hardware, software, data storage and data movement. In addition to complete visibility, enforcing usage policies based on the sensitivity of the data, the user, and the intended action (e.g. email, move, copy, print) will ensure sensitive data is continuously monitored and in turn protected from unauthorised access or movement.

At its core a data-aware approach has three key requirements that focus on applying protection directly to the data:

Identify sensitive data continuously: It is hard to protect data if you don't know where it is. Generating a point-in-time inventory of data is a first step, but it won't account for data that is created or modified after the inventory, or data movement over time. To protect data effectively, an organisation must consistently and continuously monitor, identify, and classify data as it is created or modified. This process can be automated but it must occur in order to continuously protect data.

Monitor sensitive data continuously: Data isn't static. Employees, customers and partners use and modify it, as do business applications. As mentioned earlier, protecting a central data store alone is not enough. Critical data also exists on the burgeoning endpoint estate as well as in email to users inside or outside of the enterprise. Knowing where the data used to be doesn't help. It must be tracked throughout its life, and maintain appropriate classification regardless of location.

Protect sensitive data and use contextually: Protecting data doesn't mean simply locking it down. It requires a contextual understanding of three factors: what actions may be taken with the data, by whom and under what circumstances. Certain actions may be permissible on the corporate network, but not off the network. Privileged users need to configure devices but they should be prohibited from viewing specified files while doing it.

Reacting to previous breaches can plug holes in an organisation's defences, but it's not a sustainable strategy. By applying protection directly to data, organisations gain continuous visibility to data creation and use. If you know where your data is at all times, policies controlling its use including blocking misuse are simpler to implement. In short, data-aware security protects sensitive information without the guesswork. NC