When we speak about data security to our customers, we always advise them that they need to build from the inside out, instead of from the outside in. The most important part of your organization, which for most is the data itself, is the asset that needs to be protected as a priority.
When a new bank is planned and built, it isn’t designed around the floorplan or that existing walls, it’s actually designed from the vault outwards. Before the design of the vault even starts you need to know what you’re actually protecting, and that will help you determine what the design of the vault needs to look like (what material needs to be used, the size of the vault, the scale of protection etc.). Then you need to determine who needs access to that vault in order to keep the bank functioning without disruption and without threatening the security of the vault contents.
Designing and implementing your data security strategy isn’t too dissimilar to this. In order to ensure your data is secure you should think along the lines of how you would approach physical security. Find out what you’re protecting, how your environment should be set up to protect it (i.e. should you de-risk your data by separating it into separate data lakes or repositories), who should have access to that data and more. We refer to this strategy as “inside-out security.”
So, how do you go about implementing an inside-out security strategy to protect your data? Here are the four key areas you should focus on:
1. Knowing What Needs to Be Protected
The first step is deciding what your most valuable assets are and whether they need to be protected or not. For many organizations, data will be by far the most valuable asset that requires protection. But, the actual data itself will vary depending on a number of factors, including the location, scope and compliance requirements of the organization.
Your first step should be to discover and classify all the data within your environment and locate which data falls under compliance requirements or is deemed to be sensitive enough to merit protection (usually this includes all personally identifiable information, corporate secrets, financial data, payment information and more).
Once you have an idea of what this data is, whether it is sensitive, why it’s sensitive and where it’s located, you will be able to move on to the next step.
2. Determining Who Requires Access to the Vault
Once you have set up your data vault (you know what’s inside it and levels of protection are required), you can set up your access rights and permissions to ensure that only the people who need access to the data have that access. What we’re essentially referring to here is the principle of least privilege whereby permissions to sensitive data should be handed out only to those who require it to perform their tasks. You don’t want to end up with over-privileged users posing a risk to your data security. Or, to continue the bank metaphor, you don’t want to give any old Tom, Dick or Harry the keys to your Vault.
3. Install Security Cameras and Monitor That Vault
Ok, I might be taking the analogy a bit too far here, but the point stands. You need to have the ability to proactively and continuously monitor the interactions your privileged users have with your data. This usually involves deploying a data security platform or auditing solution as doing this natively isn’t really feasible.
You should keep an eye out for anomalous user behavior or changes being made to data and the surrounding environment. Once you spot something you don’t like, you should be able to react quickly to mitigate the risk of an insider threat or data breach.
So, there you have it. Data security that starts from the inside-out. If you want to see how Lepide can help you implement this security strategy, request a demo of LepideAuditor today.