Integrating the latest advances in information technology into your business is a necessity for staying operational and being competitive. Integrating the latest advances in cybersecurity into your business is equally important. Today’s business processes are heavily data driven, and that data has value: To you, your customers and, whether you like it or not, to cyber criminals. Protecting that data is important for keeping your company and customers safe.
Businesses are creating, using and storing more data than ever. The volume is massive — one estimate is that 90 percent of data in the world was created in the last two years.
New Ways of Creating Data
This data isn’t all being created by office workers typing into a desktop, or people posting to Facebook in their spare time. Much of the new data is created by machines and Internet of Things (IoT) devices that monitor, record and transmit information collected by their sensors. In many cases, these devices are connected and forgotten, without adjustments to their configurations or the application of necessary security controls.
New Ways of Storing Data
Finding ways to store all this data is challenging. For many companies, the only practical storage option is the cloud, where they can rapidly extend storage capacity as needed without bureaucratic purchasing and provisioning headaches. The downside is that the data can also escape the corporate oversight of compliance and auditing processes — which puts businesses at risk.
New Ways of Using Data
Data used to be processed by number-crunching applications that ran on mainframes in a company’s secure data center. Then processing moved to desktops computers, where end users could accidentally download viruses and other malware.
Today, data is accessed on smartphones and tablets that the company doesn’t control, in public environments that aren’t secure. Data is shared by email, text and social media. Users can accidentally expose data to shoulder-surfers, by losing their device or using insecure public Wi-Fi to get business done on the go.
New Ways of Protecting Data
To cope with these new challenges, businesses need to develop new ways of protecting data. Compliance and security need to be addressed simultaneously, with products and processes that complement each other and work together effectively to secure data and satisfy legal requirements.
1. Start with a plan. Be proactive about addressing your security needs. Start with a threat assessment to identify your greatest vulnerabilities. It’s only when you understand your network, applications and users that you can create a security strategy that truly protects you.
2. Implement defense in depth. Don’t expect a single measure to provide security. Your data is at risk from multiple directions, inside the organization as well as out. So while adding an external firewall is a start, you need to also add layers of defenses inside your network perimeter as reinforcement. Internal segmentation firewalls (ISFW) let you defend your most sensitive applications from intruders who come from within.
3. Broaden your security scope. As well as deepening your defenses, you need to broaden their scope. Don’t simply focus on the devices within your data center and your network. Use mobile device management to secure end user devices, and monitor and control usage of cloud storage. Take a centralized view that’s able to see and protect your data wherever it resides.