Finding a trustworthy IT partner is a game-changer, especially for healthcare...
Avoid Becoming the Next Headline: A Look at Network Security’s Biggest Hole
Target, Home Depot, Jimmy John’s, Best Buy, Dairy Queen.
All of these companies have been hit by security breaches in the last year. These huge profitable companies have teams of people who are overseeing the data and technology in the company and there are still holes in data security.
IBM conducted a study based on the organizations that they monitor that showed there is a 12% increase in security events year over year.
So, the question is… Who will be next on the list? How much private information will be stolen? How will it impact the organization and the clients?
But most importantly, you need to be asking “How can I avoid being the next headline?”
There are many layers and levels to security, depending on the compliance standards that need to be met. One major hole I see in companies is absence of full traceability of their data.
Tracing the Data
Think about the way data flows in your organization today. From the corporate network to your laptop, from your smartphone to the cloud and back. Data breach statistics show the movement of data is rapidly accelerating – and it’s no wonder! Enterprise is enabling this free flowing transfer of data to improve mobility and productivity for their users. So how can IT enable the flow of data without compromising security of the data as it moves around in the organization?
The answer lies in traceability tools. Not many organizations have the right tools to control and track where their data is flowing. Where and how does the data come into the network? Where does it move from there? From server to server, from user to user and then back out of the organization again.
As companies partner with 3rd parties such as vendors or manufacturers, it becomes even more crucial to understand how the data is moving and who is getting access to it. In an IBM study, 37% of survey respondents said that 26-50% of business disruptions have been caused by 3rd parties in the last 24 months. It’s clear that it is more important than ever to know exactly where your data has been.
It’s not only the lack of tracing tools but also the availability of unsecure cloud applications to the users. Document management applications like Google Docs, Evernote and DropBox are serious threats to the security of your organization because you have no control over what the users are pushing out of the organization. Firewalls can restrict these breach instigators and easily plug up some of the security holes.
Where should I start?
When I begin understanding the level of security in an organization, I start with the basics: Firewalls Enabled and Servers Hardened. These are the basic blocking and tackling of security threats in most organizations. In addition, encrypting data in motion and data at rest would also be considered basics in today’s security conversation. However, data security goes well beyond the encryption of data. Traceability of data is where the action really starts. At SmartBase, we use a network appliance from AlertLogic to follow and track the data as it moves through the organization. Alerts are set up to detect and prevent network intrusions as well as provide deep security analysis and insights. We have full knowledge of data movement in the environment as well as who is initiating that movement. When non compliant data access is attempted, the alarms go off and immediate investigation ensues. The key word there is “attempted” data access. Using this technology gives clients complete and secure control over their data, resulting in met compliance standards and consistent protection across applications.
The time of “wait and see” is over. Mobility, big data and cloud applications are all contributing to the holes that are being punctured in security strategies. I know the saying goes “No press is bad press”, but I prefer “No news is good news” when it comes to data security. Contact me for more information and we can help keep your organization out of the “Security Breach Club”.