Take a new approach to data security: protect all of it

Don't just pick and choose data and documents to protect: secure unstructured data, too.

data security

It’s getting harder every day to protect an organization’s data from external and internal and threats. With the new norm of employees accessing all types of apps in the cloud, there is no longer a viable security perimeter that organizations can protect. This is all the more concerning given the number and severity of cybersecurity threats bombarding organizations today.

But threats don’t only come from outside the organization. There are many types of internal threats, malicious and innocent alike. Employees’ inadvertent misuse of data is responsible for 36 percent of data breaches, according to a Forrester report. And, according to BPI Network, 61 percent of workers have accidentally sent information to the wrong person.

The growing data threat of unstructured data

Until recently, organizations focused their security efforts on structured data residing in spreadsheets and other organized formats. But, the spotlight has steadily turned to focus on unstructured data as well. This highly valued asset accounts for 80 percent of an organization’s data, yet it’s the least controlled. It is also the fastest growing type of data and is expected to account for 93 percent of all data in the digital universe by 2022, according to IDG.

Unstructured data poses unique security challenges and it’s difficult to manage this ubiquitous type of data as it flows widely across documents and formats, both internally and externally.

An effective way to this address these challenges is to protect all of an organization’s data by default, in an opt-out manner. You can create a virtual safe zone where anything in the zone – files or devices – is secured and only applications and computers that are in the zone’s “allowed list” would have access to the contents of the file.

At the same time, you can allow an administrator or business owner to selectively pick and choose which items to remove from the protected area. This approach is based on a Zero Trust concept, a phrase coined by Forrester Research, which assumes that all data is at risk from internal and external threats.

Yet, this is an entirely opposite approach from the way data security is handled today – where security professionals pick and choose what to protect. But with data copied from one file to another, ending up in derivative works, and the free flow of data entering and leaving an organization, it’s virtually impossible to manage and secure all of it in a one-off manner.

In addition to effectiveness, another benefit of this approach is that it doesn’t require user participation like traditional security approaches do. The reality is that if something is hard to do, or even if it requires an additional step, people will find a way to work around it. By securing everything seamlessly, you are ensuring adoption and compliance.

Are you in compliance?

On top of the challenge of securing unstructured data in a cloud-first world, security professionals need to comply with stringent regulations across a number of industries. Financial institutions must adhere to the Gramm-Leach-Bliley Act (GLBA) and New York State Department of Financial Services (NY DFS), among other regulations, while the health industry has to comply with regulations such as the Health Insurance Portability and Accountability Act (HIPPA). Payment providers and financial institutions must ensure compliance with regulations such as the Payment Card Industry’s Data Security Standard (PCI DSS), and so on. And for any companies with EU customers, the EU General Data Protection Regulation (GDPR) kicks in this May.

These regulations require data to be secured through encryption, among other means, which was addressed through traditional means by encrypting files in transit and decrypting them in use. The problem with that approach is that the files are exposed and vulnerable to attacks during the time that they are in use. Additionally, it requires user involvement to decrypt and encrypt the files.

By contrast, a new technology, Transparent File Encryption, ensures that files are always encrypted – at rest, in-transit, and in-use. This enables files to freely move anywhere via any transport method. They can be sent via email and stored on public cloud servers, and users can be both internal and external. When used in combination with a policy that protects all data by default in an opt-out manner, it provides a secure solution that enables organizations to comply with regulations.

But what about the user experience?

Providing the best security approach is no longer enough. Users today expect a seamless user experience and organizations need to deliver it. Not only must an organization’s security solution run in the background seamlessly without requiring user involvement, but it also must not interfere with the way that they work. In short, they must not even know that it’s there.

By tackling the growing data risk in an organization through a comprehensive opt-out security approach and ensuring compliance by making it easy and seamless for the end user, you will benefit from a win-win scenario. While you will protect one of your most valuable assets and ensure compliance with regulations, at the same time, your employees can focus on doing their jobs unencumbered and help move your business forward.

Copyright © 2018 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations