Way back when data centres were largely company owned, as well as the servers, machines, and the software installed on them, we knew where our data was, who had access to our network, and we had pretty good control over who was accessing the data. The working and company environment was reasonably contained and simpler to manage and control. The threat landscape was different and not as diverse as it is today.
Today, however, the same cannot be said! The data centres that we now use are mostly not company owned, but rather belong to a provider and reside in the cloud. They are no longer on our premises or part of our physical infrastructure. They are not visible to us. The data centres we now use, we can’t see but just know that they are there. Software and applications used are also in the cloud, on someone else’s servers. We can choose to rent services and space and decide whether to share services and space with others.
Mobile computing and the use of mobile devices is common practice -some devices are company owned, others personal (many unprotected) and they are being used anywhere and at any time to access these cloud-based applications, services, systems and data. Endpoints are ubiquitous and the once contained network is an occurrence of the past for most organisations.
Times have changed…has the security focus
The threat landscape has drastically expanded and changed over the last two decades. Moreover, our IT environments and the way in which we function has also transformed. Consequently, our security efforts should have followed suit, but most people do not like change and will stay with what they know and are comfortable with for as long as they possibly can.
This is a problem when it comes to securing data within our present-day landscape as it is so drastically different. There is no chance that solutions and methods that focused on a very different environment and set of threats will still achieve successful security and data security for today.
Some organisations have and are shifting their security focus, nonetheless, others are still focusing efforts in the wrong areas. It is essential that we focus our efforts in the right places to achieve the best security posture for our efforts. Prioritising security efforts, where most needed, is critical if we are to protect our data asset.
Our dependability on data has grown. Moreover, the requirement to focus security on the rights of individuals rather than the security of the business, putting people’s security and privacy at the forefront of security, requires a change in our security focus.
Likewise, criminals are finding that obtaining our data and using it maliciously is a lucrative business for them and this is now their focus.
Laws have adapted to enforce a change and ensure that people’s personal data is protected. With all this change, surely security efforts should shift too and data security should be made a priority.
Shifting security focus to data
Yes, 20 years ago network/perimeter security efforts were the focal point and if you were able to properly secure your perimeter you were likely to be on the road to security success. This approach no longer suits, as the traditional perimeter, no longer exists or is very porous. Our data, for the most part, is no longer contained -it travels. Data is crossing physical, logical and geographical boundaries. A lot of the time organisations do not even know where their data is! Many feel they lack the control that they desperately need to be able to manage their data and properly protect it.
That being said, many organisations continue to focus far too much of their efforts and security budget on network security (securing the disappearing perimeter!). Perhaps because this is what they know and are comfortable with, but it is being done at the expense of other areas that should be prioritised and properly secured to be effective in today’s threat landscape.
We need to look at security differently. It is very difficult in this day and age to achieve complete security and to fully address all the potential security threats and risks. Therefore, we must order our security efforts according to where threats are more prone to occur and where the risks and fallout are greatest. Additionally, where our efforts will have the most impact.
Presently, data is being threatened and the consequence of a data breach is substantial. The threats to data are vast and can culminate from inside of your organisation or from an outside attack. It could be malicious or the result of an accidental employee error. Either way, the repercussions of such incidents are lasting on brand and reputation and damaging to the person to which the data belongs.
Focusing your security efforts on this critical area of your organisation is key and doing it this way will ensure efforts and money are better spent. Data security and procedures to protect data and help with classifying, identifying and managing access to data should be made the priority. Don’t ignore perimeter security but also be sure not to ignore other important areas because of it-it’s important to get the balance right.
Track, identify, classify and protect
Know what data you have and process. You can’t protect what you don’t know that you have. Decide which data is vital for your organisation to protect by identifying the most critical data, classify and protect it, and manage it accordingly. Gain an understanding of the elements that pose the most risk and focus your efforts there. Securing these elements should be made a priority.
By taking the time to do this you can be sure to focus your efforts in the right places. By protecting what is most at risk (the data), even if it were to be breached it would be useless in its encrypted form, so you will have avoided the colossal consequences of the data breach.
Focus security efforts for largest influence
If today you still focus all efforts on protecting the perimeter and the numerous devices, you are fighting a losing battle. Yet the majority of organisations still focus on achieving this. Successful defence is shifting from focusing on ‘keeping attackers out’ to assuming that ‘occasionally attackers will find a way in’ and we must be able to protect our assets even if this were to happen and ensure that potential damage is kept to a minimum.
We need to safeguard against the potential damage resulting from any of the billions of individuals that have access to the internet and may have malicious intent or human employee accidental error. To do this we need to concentrate efforts on protecting core assets (data) and systems, secure throughout the lifecycle and focus on the current threat areas.
Security focus must shift and will continue to shift, we cannot keep doing as we did decades ago and expect to be secure. Security focus must adapt with the times.
Other areas of security (Network, perimeter, device, application) should not be ignored but securing them should not be to the detriment of more relevant and critical areas. Data security should be the focal point right now. Especially since many organisations do not yet have mature security postures and many organisations no longer have complete control of their networks, servers and applications in the digital landscape in which we now function, where perimeters are fading and the virtual and physical worlds collide.
It seems obvious to protect and take control of the data, not only because this is the most valued asset and most at risk, but because solutions exist that enable you to control and protect it irrespective of the changing parameters wherein you process and store it. By protecting your data, you can drastically improve your security posture even within the fast-changing and convoluted IT environment that is challenging to secure.
Galaxkey is spot-on!
This is why Galaxkey’s data-centric security is spot-on! It does not matter how you work, where you store your data, where your data travels to or if it stays local or crosses geographical boundaries. It does not matter if you use the cloud or if you don’t. It does not matter what type of data you have and how you process it or if the data is critical, personal, highly confidential or not. None of these matter, if you protect your data with Galaxkey!
Galaxkey is a data-centric solution that can protect data irrespective of all of this. If your data is ‘Galaxkeyed’ your data is safeguarded, you are able to track your data and control the access to your data. You are able to protect your customer, client and corporate information as well as comply with the required standards, regulations and legislation.
It’s all possible with Galaxkey, no matter the IT environment or how it evolves because Galaxkey focuses its security efforts right. The focus is always on protecting the data itself!