By Sudhindra Kumar, Manager of Software Engineering at NextLabs, Inc.|
With the growing adoption of cloud for various business processes, traditional approaches to data security are no longer sufficient to keep enterprise data safe. Gone are the days when all critical information was protected behind a firewall with access restricted to specific clients/devices. IT security teams are under increased pressure to make data available to a plethora of devices (mobile phones/tablets/personal laptops, etc.) and applications without compromising on the security aspect of the data.
Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and increasing to 20.8 billion by 2020. A large percentage of these devices are going to be BYOD, which carry a combination of personal and business data, and have major vulnerabilities – putting your enterprise data at risk. Attackers have shifted their focus from secure enterprise environments to these vulnerable devices, which give them an easy gateway to your enterprise data. Mobile Device Management has become an important staple for every organization.
Encryption of data at rest will evolve to target the resources rather than where the resources are stored. Applications have become more complex, with some of them running on-premise and some in the cloud. There is a business need for data to be transferred across these applications and thus blindly encrypting the entire repository where the content is stored will be rendered ineffective. With the amount of data handled increasing every day, it is too expensive and unmanageable for organizations to encrypt data blindly. Companies will have to start moving to solutions that can dynamically protect information based on the criticality of the data in order to comply with business and regulatory requirements.
Based on a survey conducted by Gartner, IT security ranks second in the list of priorities for corporate investment. This is primarily due to the increase in data breaches in the recent past and the impact these incidents have on the companies’ credibility.
So how can organizations secure their data effectively? This will require a multi-pronged approach to plug all potential loopholes and safeguard the ‘crown jewels’ of the organization. The first step in this approach is to have well defined security policies that prescribe what information needs to be safeguarded and how it needs to be protected. Companies need to take a top-down approach to this, with the policies percolating all the way from the CEO down to the lowest levels of hierarchy. A key factor is to ensure that the policies remain relevant to changing business needs and can be changed quickly to reflect new requirements. Solutions should automatically apply protection to reduce human error. Employee awareness about the latest cyber threats and protection methods is also important to ensuring security is properly enforced.
The constantly evolving data security challenges are definitely a huge challenge for the security teams, but with the right policies and tools, they can secure their most critical information. A data centric security strategy that is flexible, dynamic and provides central visibility needs to be a key part of any security portfolio.