Into the Breach

Kuwait Times - TECHNOLOGY

With more than 3.67 billion data records lost or stolen worldwide, there is greater responsibility than ever before on MENA’s CISOs and CIOs to ensure the security of their organizations. Data theft and cyber security - once obscure concepts that were restricted to the IT departments at large corporations - have become common topics of discussion in recent years. Since 2013, more than 3.67 billion records have been lost or stolen worldwide - with almost 233.5 million in December 2015 alone, according to a report by Breach Level Index. This threat has grown increasingly global, with companies in the MENA region also now at risk.

That means it is now more critical than ever before for public and private sector organizations around the world to boost their system capabilities to protect against data loss and ensure consumers remain confident while sharing personal information online. According to a Data Breach Investigations Report from Verizon Communications, the cost of a breach of 100 records can range from $18,000 to $555,000. Often the culprits are careless or malicious employees who have stolen or simply lost private records - far from the popular image of sophisticated menacing hackers lurking in the shadows. Against this backdrop, the responsibility resting on the shoulders of Chief Information Officers and Chief Information Security Officers (CISOs) now weighs heavier than ever.

And this is where Data Loss Prevention (DLP) technologies come into play. But, for the successful implementation of these technologies, an organization must have a clear idea both of the threats they face and, vitally, how DLP technologies can be properly implemented to protect against them. In simple terms, DLP solutions are designed to protect data against attempts to copy and/or send it to unauthorized entities. These solutions fall into two categories: Those focused on preventing loss from data in motion and those that protect data at rest or in use.

Meanwhile, a growing number of hardware and software vendors are seeking to secure a share of the DLP market - one that research firm Markets and Markets predicts will grow to an annual figure of $2.64 billion by 2020, up from $0.96 billion in 2015. However, despite the increasing scale and sophistication of the DLP solution landscape and the existence of skilled information security officers, combating data loss remains fraught with challenges. From demands and weaknesses relating to information security governance to understanding data flows and addressing the lack of information, data loss protection can seem an insurmountable task. However, if suitably armed with knowledge and a solid plan, the objective should be within reach.

The following steps are designed to help set organizations on the right track to security:

Create a Plan

Today’s DLP landscape is rife with marketing materials that are masquerading as industry insights, and one-sided opinions that can cloud judgment. As a result, organizations can find themselves entering into a sea of DLP solutions for which they are unprepared.

This means that companies must understand their technologies and the nature of their problems to determine the action required - DLP solutions may not even be the answer. Companies must then develop a clear plan that can evaluate the scope of the threats they face and the most effective way to minimize them. Here, alignment with the organization-wide information governance program is critical. Proper planning and governance can help set the rules for any security solution while ensuring clear objectives and criteria for evaluation.

Know your Data

DLP solutions are designed to crawl through the network using agents to identify structured and unstructured data in a process called fingerprinting. While this is a valuable and time-saving feature, it is not necessarily failsafe and can present risks: in the absence of manual processes, sensitive data could be overlooked. Therefore, before embarking on the implementation of a DLP solution, organizing and classifying data is an important first step. If this is done successfully, determining what type of data requires protection - and thus what solution is required - will become a smoother exercise.

Understand the Options

Different DLP solutions come with different capabilities. While many focus on providing endpoint protection for mobile devices, laptops, or other user systems, some protect data at rest, securing databases and online storage while monitoring for data being downloaded or transferred. Meanwhile, other solutions monitor network traffic to protect data in motion. Successful DLP deployment, therefore, requires a complete understanding of an organization’s data types and flows.

In summary, the three main DLP solution types include solutions that secure data in use or storage on endpoints, those that secure data in motion, and comprehensive solutions that protect data both at rest and in motion.

Adopt a Phased Approach

Using a phased approach to the implementation of DLP solutions enables engineers to better assess legitimate data flows within a network and separate them from those that demonstrate data loss. Phasing can also help avert inaccuracies. When implementing DLP solutions, potential impacts to network traffic could derail the solution and inundate security analysts with false positives. Implementing network-based DLP capabilities at egress points - the points through which data leaves one network for another - can allow a system to function passively and facilitate fine-tuning over time. It can then become easier to migrate the system to maximize in-line protection.

Ensure Integration

Layering additional security capabilities on top of existing infrastructure will only exacerbate complexities in incident response and mitigation. DLP systems that do not integrate with security information and event management (SIEM) technologies, and that do not support an organization’s current security goals and constructs, will only increase the workloads of already over-burdened employees and decrease the effectiveness of the solution. Furthermore, failing to ensure system integration will prevent security staff from using emerging analytics technologies and tactics to combat threats.

As the adoption of digital payment technologies accelerates and contactless payment options become more popular, CIOs and CISOs need to undertake a comprehensive evaluation of the risks of data theft. From there, the application of measures to combat those threats can help leaders protect their networks, and consequently, their balance sheets. The key is to reassure customers that their private information, ranging from birthdates to credit card data and bank account numbers, is stored in a safe place, out of reach of hackers and cybercriminals.

Lutfi Zakhour

Dr Mahir Nayfeh
