In today’s world, data is everything. Enterprises are now beginning to adopt the approach that data should be at the heart of security strategies. The rapid rate of data creation over the last few years, the increased value of that data, and the relative lag of cybersecurity advancements have created an opportunity for cyber-attackers.
More and more organizations are now turning to Data-Centric Audit & Protection (DCAP) as a method for maintaining the security and integrity of critical data. But what is DCAP?
Defining DCAP (Data-Centric Audit & Protection)
As the name suggests, the term DCAP (created by the business and research consulting company Gartner) defines a security strategy that places data at the centre. The goal is to maintain data security by discovering where critical data lies, who has access to it, and when changes are made to the data and its surrounding systems.
The key areas of DCAP are:
- Discovery and classification
- Storing and processing data
- Data access governance
- User behaviour analytics
- Monitoring and auditing changes to data and permissions
Data Discovery and Classification (DDC)
If you’re going to be placing data at the heart of your cybersecurity strategy, you’re going to need to know where it is first. This is where data discovery and classification methods come into play. They enable you to discover, tag and classify data based on its content and the associated risk. For example, if a file contains multiple instances of PII (personally identifiable information) related to GDPR, then a DDC solution will be able to classify this file as such.
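As an added illustration (not code from the original article or from any DCAP product), the Python below tags documents by the PII found in their content, as the paragraph above describes. The detector patterns, tag names, thresholds and sample files are all assumptions constructed for this example, and it goes one step beyond the text by validating card-number candidates with the Luhn checksum to cut false positives.

```python
import re

# Hypothetical detectors; a real DDC rule set is far larger.
DETECTORS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone": re.compile(r"(?<!\w)\+\d{8,15}\b"),
    "card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: filters random digit runs out of card matches."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def find_pii(text: str) -> dict:
    """Count PII hits per category; card hits must pass Luhn."""
    hits = {}
    for name, pattern in DETECTORS.items():
        matches = pattern.findall(text)
        if name == "card":
            matches = [m for m in matches if luhn_ok(m)]
        if matches:
            hits[name] = len(matches)
    return hits

def classify(text: str) -> str:
    """Map hit counts to a tag (labels and thresholds are assumptions)."""
    hits = find_pii(text)
    total = sum(hits.values())
    if "card" in hits or total >= 3:
        return "restricted"      # payment data or multiple PII instances
    if total:
        return "confidential"    # isolated PII
    return "unclassified"

# Constructed sample documents (no real data).
SAMPLES = {
    "hr_export.csv": "jane@example.com,+441632960001\njoe@example.org,+441632960002",
    "invoice.txt": "Paid with 4111 1111 1111 1111, order ref 1234567890123",
    "memo.txt": "Contact facilities@example.com about the car park.",
    "readme.txt": "Build instructions for the intranet theme.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body), find_pii(body))
```

The 13-digit order reference in `invoice.txt` matches the card pattern but fails the checksum, so only the test card number is counted.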
Storing and Processing Data
The most well-known term in this arena is Identity Access Management (IAM). Access controls and encryption are the best ways to ensure that your data is secure while it is stored and processed. Compliance mandates, including the newly introduced GDPR, are strict on ensuring that organizations are acting responsibly when it comes to storing and processing data, particularly data relating to customers, employees and prospects.
Data Access Governance (DAG)
Data Access Governance is a bit of a buzzword in the world of IT security and can mean numerous things, some of which are covered in the previous two points. It is best defined as the policies and practices of determining what sensitive data is, where it resides, who has access to it and what level of access they have. Effective DAG programs are the ones in which users are afforded the access levels they require to do their job whilst the most sensitive data remains protected.
User Behaviour Analytics
Understanding how your users are interacting with your data is a vital part of ensuring that you are maintaining the security and integrity of that data. User Behaviour Analytics provides organizations with insight into the modifications users are making to data and allows you to reverse unwanted or unauthorized changes. This will help you detect anomalous change activity in relation to your sensitive data and is an effective way to help prevent insider threats.
Monitoring and Auditing Changes to Data and Permissions
Along the same lines as UBA, monitoring and auditing the changes being made to the data itself, and to the permissions surrounding that data, is a critical part of data-centric audit and protection. Monitoring permissions will allow you to determine whether you are operating on a least privilege model or are at risk of privilege abuse. You should only allow access rights to sensitive data to those within your organization that truly require it (of which there are likely few).
Similarly, continuous and proactive auditing and monitoring of changes being made to data will help you spot suspicious changes faster, enabling you to detect and mitigate the damage of potential cyberattacks (such as insider threats, ransomware, privilege abuse etc.).
Data-Centric Audit and Protection Solutions
As you might expect, this market is quite a broad one, and there is no single vendor that is able to provide a full Data-Centric Audit & Protection solution. It’s likely you will have to shop around and see which combination of DCAP solutions best fits your requirements.
LepideAuditor, for example, sits within the bracket of DCAP solutions as it is able to help you discover and classify sensitive data, analyze user behaviour, improve your data access governance program and continuously monitor and audit your IT environment.