Data security is one of those mission-critical issues people are always talking about and building solutions and policies around. But, even when we focus on the right problems, too many businesses are doing so at the wrong time – namely, after a breach has happened. Determined hackers have proven again and again that they can violate just about any perimeter put in front of them. Yet somehow, many companies still wait for a breach and then use it as a catalyst for updating security designs and policies moving forward. It’s a permanent response-mode that can be futile, frustrating and costly.
Better information security requires that we think more proactively and understand two basic realities: 1) The next breach is an inevitable “when, not if” kind of occurrence that will happen sooner or later, and 2) Data security is a lifecycle that involves steps you can and should take before, during and after a breach.
Once we understand the need for continual work in the face of ongoing danger, we start to see that there is no silver bullet, no single answer to fully protecting data. And, the multi-faceted blend of technology and processes that we do come up with needs to address the inevitable nature of the threat. There are many ways to go about it. One successful approach I’ve used is to focus on three interrelated priorities.
Manage Access to the System
Yes, a breach will ultimately happen, but we still do as much as possible to secure normal operations and ensure that only authorized users can access designated parts of your systems. Look to incorporate robust IP filters and password controls, along with external authentication and authorization systems like Kerberos and software protocols like LDAP. Use fine-grained access rights and privileges for user authorization, and pay special attention when managing credentials on client systems, or using applications with connection pools.
Secure Sensitive Data
Limiting access to certain information once someone is in your system helps govern your own users’ movements within your data architecture. But, it becomes crucially important mid-breach when you’re trying to limit damage in real-time from an intruder. Good systems leverage strong network traffic encryption along with options like row-level security, column-level data encryption and tokenization, full disk encryption, and tape/disk backup encryption. By compartmentalizing access, you compartmentalize damage. The trick is to protect data while still keeping the system agile, so compartmentalizing doesn’t turn into a silo experience for your trusted users.
Actively Audit and Monitor
System administrators should implement strong security practices that monitor data access and flag unusual patterns in the data. This can be crucially important when you are in the process of getting hacked and when it’s over. You can find clues via the access controls you have in place to protect the perimeter, but you can learn a lot more by also maintaining comprehensive audit logs. Forensics like this may seem like extra work in cases where the damage is already done, but understanding patterns of breach behavior can offer crucial insights. Just remember that the only thing worse than suffering a breach is suffering through the uncertainty afterward when you don’t know who hacked you, how and what data they accessed.
Whatever approach you take, make sure you deploy, operate and accredit your systems to comply with rigorous security standards like the PCI Data Security Standard and ISO 27000 standards.
By now you see it takes a lot of work, but a comprehensive and proactive approach to security is the surest way to protect your data. Hackers are agile and always vigilant; we should be too.