Assemble the Pieces for a Holistic View of Security

Scanning for incoming threats isn’t enough. A comprehensive approach to security also means preventing the wrong data from leaving the organization.


Checked your work email on your smartphone lately? Chances are so have your end users, and you’d better hope they haven’t passed any sensitive attachments on to friends, family, or the Internet. 

In today’s world of mobile and cloud computing, a strong security policy must also include understanding where your data goes when it leaves the enterprise, not just blocking malware or authenticating users accessing corporate systems. Taking a more holistic view, one that includes not only inbound attacks but how and when data leaves the protection of the enterprise, is key.

“Today, we still live a bit in the early 90s and tend to think about ‘outside bad, inside good’,” says Richard Ford, chief scientist at Forcepoint. As a result, many organizations pay too much attention to what’s trying to come into the network or enterprise from outside the firewall, such as malware, and not enough to whether data is leaving that shouldn’t.

A holistic approach focuses on which users and systems can touch corporate data, when and how they do this, and which data leaves the enterprise, says Ford. It also combines information about threats with information about the location of vital data and what users are doing with it.

One example of a failed approach, he says, is a Next-Generation Firewall stopping an incoming DDoS attack but failing to detect a server sending customer lists to an ISP overseas.

Such a big shift in strategy might sound daunting, but it doesn’t have to be. There are many tools available to integrate the necessary contextual information about users, data, and threats. Organizations also don’t need to consolidate all this at once, but “invest in the things that give you the biggest analytic lift for your buck,” says Ford.

If data confidentiality is the greatest imperative, information from a data loss protection platform might be the place to start. If protecting critical infrastructure is most vital, a focus on insider threat monitoring might be more appropriate, Ford says.

The Personal Device Puzzle

The steady stream of corporate data (such as email) flowing to and through users’ personal devices is a security disaster waiting to happen, says Ford, but many CISOs are delaying action because they’re busy with everyday crises. And while there are technical solutions such as tools that track corporate data on these devices, none solve the underlying problem: Users don’t want employers snooping on their personal devices yet still want access to their work emails, while employers have a legitimate need to protect their data.

Reconciling these perspectives requires careful tradeoffs. “Every company should be having a conversation with its employees around privacy in an intelligent way,” says Ford. “It shouldn’t be ‘them vs. us’ or ‘employee vs. employer’ but a recognition that the ‘them’ are those who seek to do us harm, and ‘us’ is everyone in the company.” Employers “should listen more than they talk,” he says, working with users to craft policies that balance data security and employees’ productivity thoughtfully.

“The biggest hurdle to creating a holistic approach to security is not technical or financial, but mental,” says Ford. Breaking out of old ways of thinking and acting is difficult, but will provide the biggest competitive boost: Providing the best protection for your data while keeping it available to the employees, business partners, and customers who need it most.

Forcepoint’s human-centric cybersecurity systems protect your most valuable assets at the human point: The intersection of users and data over networks of different trust levels. Visit www.forcepoint.com