Story image

Exclusive: Five steps to a data-centric security strategy

18 May 18

Article by Digital Guardian EMEA VP and GM Jan Van Vliet

For most organisations nowadays, the network – in its traditional sense – no longer exists. With the proliferation of connected devices, data is no longer confined to four walls. IT teams’ concerns need to shift from worrying about who or what enters the network to focusing on the data itself – where it’s going, who’s accessing it and how is it being used.

Here are five steps to get you started:

1. Understand your data

First things first. Understand what you’re dealing with. Get to grips with what data needs protecting and the level of protection it needs. Step one is discovering the data (regardless of where it resides). Step two is to determine appropriate categories. Step three is to identify the sensitivity of that data – and prioritise security efforts on the most sensitive data first. And step four is to outline policies and procedures that allow employees and others who come in contact with the organisation’s data to operate within the framework of compliance.

2. Practice continuous surveillance

Advanced attacks do not occur at a single point in time. Neither should your surveillance. To protect data effectively, an organisation must consistently and continuously monitor, identify and classify data as it is created or modified. Constant data surveillance signals that you are serious about data protection. Data protection is not a stand-alone task – it is an on-going journey.

3. Get DLP right

Data loss prevention (DLP) is a critical part of comprehensive data-centric security. However, effective DLP implementation requires active participation from the organisation; it is not a “set it and forget it” platform. Effective DLP requires a contextual understanding of three factors: what actions may be taken with data, by whom and under what circumstances. As new data is created and people come and go, these policies will need to be adapted and updated. DLP is a constant process of understanding your data and how users, systems, and events interact with that data to better protect it.

 4. It’s so much more than compliance….

Regulations such as the GDPR represent efforts to ensure that organisations are taking the right steps to protect sensitive data. But the protection of sensitive data is more than simply ticking the regulatory compliance box. Organisations should shift efforts towards expanding their objectives from simply focusing on the regulation aspect to protecting data from all threats. A data-centric security solution will tick both boxes.

5. It’s all about the context

Traditional DLP solutions focus solely on the actions of the insider and lack an awareness of external threats that target data. External threat actors aim to gain the access rights of an insider. Without threat intelligence and knowledge of unusual behaviours, DLP solutions are somewhat ineffective. It is paramount that the IT team is able to see, understand and stop external threats in action. A security product that protects data, without contextual awareness, will likely lead to data loss. Effective data protection requires organisations to understand and identify the root of an attack as fast as possible to prevent it from evolving and becoming a real problem.

Moving away from a traditional network focus to protect sensitive company data is undoubtedly the way forward in the age of digital transformation. With the perimeter now a borderless entity, IT teams must focus on protecting data, no matter where it travels or resides. Through a mixture of data classification, protection and threat intelligence, organisations can ensure greater protection of data at all times. 

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.