By Michael Murphy
Not all assets can and should be equally protected. Trying to protect everything uniformly thins resources and can leave truly valuable assets exposed.
Take historical museums for example; they have tiered levels of security to account for the varying values of their assets. Museums don’t let just anyone inside; instead, patrons buy an entry pass and make their way through a security line. Once inside, customers are faced with the second layer of security – guards who roam the halls keeping a watchful eye on everything.
The third layer of security comes in the form of prioritization. The museum categorizes which artifacts or pieces can be displayed in the open and which valuables must remain behind glass and sensors. And for those priceless artifacts like the Hope Diamond, they are given a dedicated security guard on watch at all times.
In every case, strategic decisions must be made about the level of security for each asset. Making these decisions, though, is no easy task.
This is a conundrum that enterprises regularly face as they struggle to protect their most prized asset –data.
With an average of 117,339 cyber attacks and nearly $1 million new malware threats released every day around the globe, IT departments are struggling to defend against the continuous onslaught of threats.
Further, the introduction of mobile and remote working practices has created even more access points that can be vulnerable to attack.
To deal with this new security landscape organizations should focus their strongest security efforts on defending what matters most, rather than trying to secure everything equally. This can only be achieved through the implementation of a strategic security policy coupled with investments in the right technology.
Enterprise Mobile Management
If employees are accessing corporate data from unsecured networks and personally owned devices, technologies and policy controls need to be in place to minimize security risks. For example, apps enabling remote access to company servers should be kept secure and separate from an employee’s personal apps and data.
This can be achieved with an Enterprise Mobility Management (EMM) solution, which ensures that the app itself is containerized. Therefore, even if an employee gets a virus on their device, the company data remains safe. The same benefits apply with desktop virtualization, which provides the most highly secure desktop environments for employers and employees.
Pairing security technology with effective policies requires three elements: role-based access control, categorization of a data’s lifecycle and a tiered value of assets. If a company hasn’t specifically stated or outlined what they consider as classified data, then even their own employees become threats to security.
Recently, a U.S. official made headlines for inadvertently sending classified information over a private email server. When probed, they noted that none of the emails had been marked as classified. This is why a policy is just as important as the technology itself.
Perhaps the most important part of an organization’s security policy is establishing role-based privileges to control access to data. Application virtualization can help ensure that employees have access to the right apps and data they need to do their jobs while maintaining the desired data security.
A fulsome security strategy must then include a tiered data security system. This involves assessing the value of the data and determining the level of security needed. From there it is important to define the data security lifecycle. What is important today may not be important tomorrow. For example, a quarterly earnings announcement must be fully protected until the date of its release. But once it has gone public, it is a waste of resources to continue keeping it secure. Yet, too often this happens as many lack automated systems and policies that notify IT to shift their efforts when the time calls for it.
Despite the growing number of threats, there are always ways to keep data safe. By instituting a policy that properly tiers data security and having the correct technology in place, organizations can ensure that they aren’t building ‘million-dollar fences around $5 assets’ and are keeping attackers at bay.