As companies around the world turn their attention to advanced threats endangering their most sensitive data, one category is commanding much-deserved attention: insider threats. With 44.5 percent of attacks perpetrated by malicious insiders, guarding against these incidents is becoming a pressing concern.

An effective way to tackle insider threats is with an integrated approach that accomplishes two related goals. First, organizations need to reduce their exposure to insider threats by securing their critical data and governing their identities. Second, they need to monitor the actions of their authorized users to detect any anomalous behavior using security intelligence. In this post, we will focus on the first piece of that integrated approach: securing sensitive data.

To protect an organization’s most sensitive data, it is important to have a mature data security strategy in place. That strategy will help determine who owns the data, where it originated, how sensitive it is, what it can be used for and so on.

Protecting Critical Data in Five Easy Steps

Organizations can follow a systematic, five-step approach to protect their data with the highest business value, commonly known as crown jewel data, as depicted below:

1. Define

Taking time to understand the organization’s strategic goals and how data security fits into these goals will provide guidance to the overall data security program. The initial phase of the five-step approach should focus on assessing the organization’s goals and objectives and ensuring appropriate policies and standards are in place. Stakeholder interviews, reviews of data management policies and standards, and any other relevant existing documentation should be included in the assessment to understand the current capabilities.

As part of this phase, it is also important to obtain agreement among the various IT and business stakeholders on what the critical data is, the impact on the organization if that data is lost and the required security control baselines to protect that data.

2. Discover

Knowing where your critical data is located within the organization is an important step to ensure it is adequately protected with multilayered security controls. Without an understanding of where the critical data is stored, security controls have to be implemented across all systems, whether or not a system contains critical data, and that is not cost-effective.

Once the organization’s current data environment is understood, a data discovery should be done across the organization’s structured and unstructured repositories to identify and classify critical data stored within those repositories. As these discovery results are gathered, a data catalog and taxonomy should be created to manage the findings. The data categories within the taxonomy should then be ranked using a defined process to understand what data is considered to be the crown jewels.

3. Baseline

Baselining is critical in understanding how much effort is needed to secure the data environment. Without a proper assessment of security controls, it’s impossible to know where the security gaps are located and what additional controls might need to be implemented to better protect critical data.

An assessment should be done to measure the maturity of the organization’s current data security controls and processes against the baselines established in the first phase. The results of this assessment can then be used to develop recommendations around both technology controls and processes that can enhance the overall protection of sensitive data.

4. Secure

During this phase, technical solutions will be designed and implemented to protect data. Based on the gaps discovered during the baseline assessment, a plan is developed to address risks to the crown jewels and implement updated data security controls that will meet the overall data protection objectives.

Typically, a road map is created to prioritize projects and implement solutions to secure the data environment. The outcome of this phase will ensure the crown jewels are adequately secured and risks to their security are remediated.

5. Monitor

We know that data is not static and that it moves across the organization. Also, new data is created every day. So having a process to detect new data and classify that data is crucial to maintaining the overall security of crown jewels.

A governance process should be established to ensure that all the above activities are repeated on a regular basis, depending on your goals and objectives — especially the data discovery activities from the second phase. Organizations should also be looking at capabilities to visualize the risk around data and make a data risk dashboard available to senior management for greater awareness.

Other activities should include developing monitoring checklists, training the team to manage the updated security process and establishing a communication plan to manage the processes around discovering and protecting crown jewels. It is also important to understand that as technologies change and new data threats arise, organizations should revisit their security policies periodically to validate the effectiveness of the controls.
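
The Discover and Monitor steps above, sketched as an added example that is not part of the original article or of IBM's program: a scan over a small constructed repository builds a ranked catalog, and a comparison with the previous scan flags new or changed files. The taxonomy, weights, patterns and function names are assumptions chosen for illustration.

```python
import hashlib
import re

# Assumed taxonomy: category -> (pattern, business-impact weight). Illustrative only.
TAXONOMY = {
    "payment_card": (re.compile(r"\b(?:\d[ -]?){13,16}\b"), 10),
    "national_id": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 8),
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), 1),
}

def luhn_ok(candidate):
    """Checksum used by payment cards; filters out arbitrary digit runs."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    total = sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return len(digits) >= 13 and total % 10 == 0

def classify(text):
    """Return {category: hit count} for one document."""
    hits = {}
    for name, (pattern, _) in TAXONOMY.items():
        found = pattern.findall(text)
        if name == "payment_card":
            found = [f for f in found if luhn_ok(f)]
        if found:
            hits[name] = len(found)
    return hits

def discover(repo):
    """Build a catalog ranked so the highest-impact data comes first."""
    catalog = []
    for path, text in repo.items():
        hits = classify(text)
        score = sum(TAXONOMY[c][1] * n for c, n in hits.items())
        digest = hashlib.sha256(text.encode()).hexdigest()
        catalog.append({"path": path, "hits": hits, "score": score, "sha256": digest})
    return sorted(catalog, key=lambda e: e["score"], reverse=True)

def needs_review(previous, current):
    """Monitor step: paths that are new or whose content changed since the last scan."""
    seen = {e["path"]: e["sha256"] for e in previous}
    return sorted(e["path"] for e in current if seen.get(e["path"]) != e["sha256"])

# Constructed sample repository (path -> content); card and ID values are test values.
REPO = {
    "finance/export.csv": "name,card\nA. Example,4111 1111 1111 1111\n",
    "hr/onboarding.txt": "SSN 000-12-3456, contact a.example@example.com",
    "wiki/readme.md": "Build number 1234567890123 is not a card.",
}
```

Pattern matching alone over-reports, which is why the card category is confirmed with a checksum before it counts toward a file's rank.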

Get Started Today

Based on IBM’s experience working with many clients embarking on the data security journey, we have developed a program known as the Critical Data Protection Program that follows the recommended five-step approach to protect sensitive data. The program has effectively assisted organizations in securing and monitoring critical data. IBM also provides a data risk dashboard capability that helps organizations visualize risks around their critical data and prioritize remediation activities.

