Date: 2017-03-02

Organizations often hear that they should deploy layers of protections as part of a comprehensive security strategy, but they may not be certain about how to approach this task. A way to address layered security is to identify the core elements of your IT ecosystem, ensure that each is well protected, and make certain that those layered controls are well integrated with one another.

The CEO’s Guide to Data Security report from AT&T identifies five main components that require protection: data, applications, network, connected devices, and data centers (on-site or cloud-based).

Data – Protecting data starts, not surprisingly, with identifying the types of data your organization holds, classifying it by degree of sensitivity or value, and determining its location. Regardless of its location, the highest-value data requires the strongest and most restrictive ID and access management.

Ideally, all sensitive data will be encrypted both at rest and in transit. There have been significant advances in encryption technology and services in recent years, making it possible to apply encryption to greater amounts of data without significantly slowing application performance.

Applications – Both corporate applications and mobile apps must be built from scratch to be secure by design. Keeping track of which programs may be risky has become much more difficult, however, given the deluge of mobile apps created and downloaded. One recent assessment found that the average organization uses 1,427 cloud services, with many represented by an app on at least one employee’s phone.

Beyond creating lists of approved apps and educating their employees about the risks unvetted apps can pose, growing numbers of organizations are enlisting the aid of cloud access security brokers (CASBs). Sitting between employees’ devices and cloud services, CASBs allow companies to both see and control what is being accessed.

Network – Data is often the most vulnerable when in transit, making it critical to ensure the security of each and every network over which data may travel. Among the most worrisome of these links are unsecured free Wi-Fi networks. The worst case is a rogue Wi-Fi hotspot crafted to look like a legitimate network but designed specifically to capture the communications of unwary users. Among other defenses, the use of virtual private networks (VPNs) is one of the best ways to protect against these and other communications threats.

Connected devices – Securing connected devices was tough enough when organizations only needed to worry about PCs and laptops. With the proliferation of smartphones, tablets, and now, internet-of-things (IoT) devices, security has become much more complex. Even simple IoT devices should meet minimal requirements, including the use of unique passwords and support for software patches and upgrades.

On-site and cloud data centers – While most organizations feel as though they have a handle on the security of their own data centers, not as many are confident about the infrastructure and data security of public cloud service providers. Before signing up for any cloud service, you should thoroughly investigate the cloud provider’s bona fides, including its security certifications, its data backup and recovery practices and a host of additional security-related variables.

Securing each individual element of your IT environment is just the first step. Almost as important is the integration of all of the layers of security controls, to ensure that no vulnerabilities remain in the gaps in between and to allow end-to-end visibility and management throughout the organization.

Dwight Davis has reported on and analyzed computer and communications industry trends, technologies and strategies for more than 35 years. All opinions expressed are his own. AT&T has sponsored this blog post.