Cybersecurity and terms written about it, such as “ransomware,” “malware,” and “hacker” have become part of our regular vocabulary. Concerns about protecting our identities and personal data are on the rise in our day-to-day lives. With the onslaught of news reports about data breaches and various hacks, the awareness is more elevated now than it has been in the past few years.
The discussion about security doesn’t usually start with whether we need security but instead is typically focused on whether we have the right safeguards in place or are taking appropriate steps to manage our security and the best ways to validate that the risk is being reduced.
The security emphasis has often been placed on the perimeter, network, firewalls, and endpoint protection. This is a very important part of security, but today, there is also a growing awareness of the need for data protection and ways to secure data sources inside the perimeter.
Anyone with responsibility for system security has heard the term “defense in depth.” Different layers of security are needed to build a secure infrastructure and continue into data repositories. Securing access to a server alone is not enough, as data can flow from one server to another. As a result, we have to look at data in transit and manage all of the points of access while patching and protecting against vulnerabilities. The more complex the environment is, the more arduous it can become to ensure security for the different layers that are required.
Complicating matters, more and more data is being made available to businesses for solutions, processes, workflows, and intelligent decision making, and this presents new challenges. It not only puts stress on data systems, but it places demands on security processes to protect the data that is coming in at greater velocity through big data and other related processes. Securing the data and protecting the enterprise’s assets and value are not simple processes.
Audit and Activity Logs Should Be Analyzed
Is security the next frontier for big data, or is it the unattainable “holy grail”? Either way, security-related data is coming into the enterprise in large quantity and at rapid speed. As audit and activity logs are being turned on in the databases and systems, the information is just begging to be analyzed to find the normal and abnormal behavior patterns. This is a key opportunity for understanding the security big picture and can help to cross over from detection to protection. Correct analysis will allow for protective measures to be in place to enable the business process to continue and alert, stop, and protect against the nefarious behaviors.
Why Perimeter Security Is Not Enough
Companies have devoted considerable effort to securing perimeters, but it isn’t enough, as new vulnerabilities and access routes are discovered. Large amounts of data move between systems and in and out of data environments to support the business and enable better analysis for more informed decision making. At the same time, there is also a growing wave of regulations and compliance policies that must be followed to avoid penalties, ranging from monetary fines to tarnished reputations.
Understanding that there are layers of security, where should a company start? Are big data processes and workflows going to be included in a security approach, or can a company rely on network and other firewall protections to protect their data? Is it possible to get to a state of running analytics and gathering security intelligence on all of the activity in an environment? Is this going to be what is needed to drive security initiatives and reduce the risk in the environments? It is not necessarily an easy approach, but a step-by-step process and review will enable a company to refine and continuously reduce risk, while applying the findings from the analysis.
There are several paths to take in the security journey. The route will include securing the databases and data in movement, as well as doing analytics on activity and behaviors in the environment to protect against potential threats.
Where to Start?
The first step in creating an effective data security approach is to simplify. Organizations routinely require a combination of processes, data integrations, migrations, and access to much of the data. It is not possible to simplify by locking everyone out of the data to secure it, but, if it is completely open, there will be unauthorized access to the data. Standards and policies are necessary to remove complexity since they can be leveraged to provide consistent roles and ensure data classification. Roles will define the groups that will be authorized to access the data, and the classification will identify the data that can be accessed.