IBM Security Global Forum


Protecting Your Most Valued Assets with Data-Centered Zero Trust

By Jesse Sedler posted Tue April 14, 2020 05:46 AM

  

For many people, children are their most valuable assets. In order to protect those assets, we take steps to know where they are at all times (until those pesky teenage years!); to monitor their behavior; and to protect the places where they spend their time. Our homes now have cameras, locks and alarm systems as methods of monitoring activity, hardening the perimeter, and ensuring no insiders (those teenagers again!) can exfiltrate themselves from the secure location.

The idea of protecting what is valuable to you is not new. So why would this be different in an enterprise trying to protect its mission-critical data? Customer information, trade secrets and health records are among the most sensitive information an organization holds, but too often they are not treated as delicately as we'd treat our own families. However, with the increase in significant data breaches and global regulations that could cost organizations millions, enterprises are starting to implement frameworks to help mitigate these potential risks - with the clear goal of securing their sensitive data. One of the frameworks we see our clients adopt is zero trust.

Zero trust is a flexible security framework based on the notion of not trusting anyone at all. Traditional security models focus on the IT perimeter, but with hybrid multi-cloud environments, BYOD and co-mingling of employees and contractors, a perimeter solution is no longer sufficient. Rather, there are the critical things that need protecting, people who need the correct access, devices that need to be managed, and analytics and response mechanisms to ensure security analysts have full visibility into their environments.

Data is the foundation for basically everything in an IT environment, but it is often overlooked in favor of securing outward-facing areas such as endpoints, networks and applications. The old paradigm was to build those walls around the network and inspect everyone coming in and out. Times have changed with insider threats, contractors, and the growth in hybrid cloud environments where data is moving everywhere.

Using a zero trust approach, the starting point for security architecture needs to come from the bottom and work its way up the IT stack. This includes applying microperimeters (think: locking the door to your house then shutting the door to your child’s bedroom) and microsegmentation (think: only grandparents have keys to the house) at the data layer. Implementing these two practices offers organizations valuable context about who has access to corporate data and what devices or networks they are using. This provides a strong foundation for the security posture of the organization.

But how do you get there?

The first step in any framework is simply understanding all of the elements you need to protect. This includes creating an inventory of what type of data you have and where it lives. Once you know what you have, then you can put rules in place to secure it (for example, I have 2 young kids, so I need safety gates by my stairs. I also have a teenager, so I need to lock the liquor cabinet). To further secure the data, an organization should adopt strong encryption to harden the environment. This is akin to having your child ride a bike with a helmet on (always!), knee pads, and elbow guards.

Next, you need to monitor activity across the organization to see who is trying to access your data. Having a clear view of users and behavior as it relates to your most sensitive data is of the utmost importance for any organization.

Finally, robust analytics and machine learning will allow for deep visibility into the data environment and filter out the noise from false positives. These analytics should feed an automation engine so if an anomaly is detected, infected users are blocked from accessing sensitive data. To round out our child-parent metaphor, this would be similar to having a thermometer at home to check a child's temperature when they say they're sick (so they aren't faking it to skip school!).

Once the framework is in place, you have important context about your data that can be mapped to people and their level of access. Combining this data with your IAM system helps you answer important questions about who is accessing your data and whether (or not) they should be. Going a step further and layering in a unified endpoint management solution gives you even more visibility about what devices are being used to access your data.

In today's environments, where data is everywhere — flying instantly from an on-prem database to a cloud file share, being accessed via a VPN on a tablet while out to sea on a yacht — organizations need strong but flexible frameworks to ensure business continuity, compliance, and customer trust. Taking a data-centric approach to your zero trust initiatives will enable your organization to be ready for the challenges of the hybrid-multicloud world we live in today. So, when you tuck your kids in, shut their door, set the alarm, hit the lights, and lock the door, remember that this is the same approach you should be taking to protect your organization's sensitive data. Oh, and don't forget to hide the key to the liquor cabinet!

