As companies around the world turn their attention to advanced threats endangering their most sensitive data, one category is commanding much-deserved attention: insider threats. With 44.5 percent of attacks perpetrated by malicious insiders, guarding against these incidents is becoming a pressing concern.
An effective way to tackle insider threats is with an integrated approach that accomplishes two related goals. First, organizations need to reduce their exposure to insider threats by securing their critical data and governing their identities. Second, they need to monitor the actions of their authorized users to detect any anomalous behavior using security intelligence. In this post, we will focus on the first piece of that integrated approach: securing sensitive data.
To protect an organization’s most sensitive data, it is important to have a mature data security strategy in place. That strategy will help determine who owns the data, where it originated, how sensitive it is, what it can be used for and so on.
Protecting Critical Data in Five Easy Steps
Organizations can follow a systematic, five-step approach to protect their data with the highest business value, commonly known as crown jewel data, as depicted below:
Taking time to understand the organization’s strategic goals and how data security fits into these goals will provide guidance to the overall data security program. The initial phase of the five-step approach should focus on assessing the organization’s goals and objectives and ensuring appropriate policies and standards are in place. Stakeholder interviews, reviews of data management policies and standards, and any other relevant existing documentation should be included in the assessment to understand the current capabilities.
As part of this phase, it is also important to obtain agreement among the various IT and business stakeholders on what the critical data is, the impact on the organization if that data is lost and the required security control baselines to protect that data.
Knowing where your critical data is located within the organization is an important step to ensure it is adequately protected with multilayered security controls. Without an understanding of where the critical data is stored, security controls would have to be implemented across all systems, whether or not a given system contains critical data, and that is not cost effective.
Once the organization’s current data environment is understood, data discovery should be performed across the organization’s structured and unstructured repositories to identify and classify critical data stored within those repositories. As these discovery results are gathered, a data catalog and taxonomy should be created to manage the findings. The data categories within the taxonomy should then be ranked using a defined process to understand what data is considered to be the crown jewels.
Baselining is critical in understanding how much effort is needed to secure the data environment. Without a proper assessment of security controls, it’s impossible to know where the security gaps are located and what additional controls might need to be implemented to better protect critical data.
An assessment should be done to measure the maturity of the organization’s current data security controls and processes against the baselines established in the first phase. The results of this assessment can then be used to develop recommendations around both technology controls and processes that can enhance the overall protection of sensitive data.
During this phase, technical solutions will be designed and implemented to protect data. Based on the gaps discovered during the baseline assessment, a plan is developed to address risks to the crown jewels and implement updated data security controls that will meet the overall data protection objectives.
Typically, a road map is created to prioritize projects and implement solutions to secure the data environment. The outcome of this phase will ensure the crown jewels are adequately secured and risks to their security are remediated.
We know that data is not static and that it moves across the organization. Also, new data is created every day. So having a process to detect new data and classify that data is crucial to maintaining the overall security of crown jewels.
A governance process should be established to ensure that all the above activities are repeated on a regular basis, depending on your goals and objectives — especially the data discovery activities from the second phase. Organizations should also be looking at capabilities to visualize the risk around data and make a data risk dashboard available to senior management for greater awareness.
Other activities should include developing monitoring checklists, training the team to manage the updated security process and establishing a communication plan to manage the processes around discovering and protecting crown jewels. It is also important to understand that as technologies change and new data threats arise, organizations should revisit their security policies periodically to validate the effectiveness of the controls.
Get Started Today
Based on IBM’s experience working with many clients embarking on the data security journey, we have developed a program known as the Critical Data Protection Program that follows the recommended five-step approach to protect sensitive data. The program has effectively assisted organizations in securing and monitoring critical data. IBM also provides a data risk dashboard capability that helps organizations visualize risks around their critical data and prioritize remediation activities.
Executive Consultant — Data & Application Security, IBM
Ashok Penmetsa is Executive Consultant — Data and Application Security for IBM. He is a certified information security management professional with global ...