Evolving business trends have caused an explosion of endpoint devices in recent years, as employees capitalize on new mobile technology in the work environment. However, employee convenience/mobility and business security rarely go hand in hand. Perhaps inevitably, the proliferation of endpoint devices is causing havoc amongst the IT security teams tasked with protecting the business network, because they simply can’t keep up.
In March 2015, the Government Communications Headquarters (GCHQ) suggested the best defence strategy was simply to strip employees of all such devices. A far more sensible approach is to turn the issue of data protection on its head. Many of the IT security teams struggling to keep up with new devices and new demands on the network share one common issue: they are still taking a reactive approach to network and business security. In a modern, mobile business environment, stubbornly sticking to this approach means they will always be on the back foot, playing catch up.
A far more effective approach starts with a simple question: "what are hackers after when they break into a vulnerable business network?" In the vast majority of cases, the answer is the same – data, whether it be personal information or credit card numbers, source code or trade secrets, to name just a few. With this in mind, rather than try and keep up with every new endpoint vulnerability and security leak, a better solution is to focus on protecting what the criminals are really after.
A data-aware approach applies endpoint protection at the kernel level of the operating system, which gives visibility into hardware, software, data storage and data movement regardless of which application is handling the data. Building on that visibility, enforcing usage policies based on the sensitivity of the data, the user and the intended action (e.g. email, move, copy, print) keeps sensitive data continuously monitored and protected from unauthorized access or movement.
At its core a data-aware approach has three key requirements that are centered on applying protection directly to the data:
1. Identify sensitive data continuously
It is hard to protect data if you don’t know where it is. A point-in-time inventory is a necessary first step, but it says nothing about data created or modified after the inventory, or about how data moves over time. To protect data effectively, an organization must continuously monitor, identify and classify data as it is created or modified. This process can be automated, but it must happen for protection to be continuous rather than a snapshot.
2. Monitor sensitive data continuously
Data isn’t static. Employees, customers and partners use and modify it, as do business applications. Protecting a central data store is not enough by itself. Critical data also exists on the growing number of endpoints out there, as well as in email to users inside or outside the enterprise. Knowing where the data “used to be” doesn’t help. It must be tracked throughout its life and keep its classification no matter where it goes.
3. Protect sensitive data use contextually
Protecting data doesn’t mean simply locking it down. It requires a contextual understanding of three factors: what actions may be taken with the data, by whom, and under what circumstances. Certain actions may be permissible on the corporate network but not off it. Privileged users need to configure devices but should be prohibited from viewing specific files on those devices: administrative rights over a device are not the same as a need to know its contents.
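The three requirements above fit together as one small policy engine, shown here as an added example written for this page (it is not Digital Guardian's code and does not describe its product). It classifies content every time a file is written, carries the label with the file when it moves, and decides each action from the label, the user's roles and whether the device is on the corporate network. The labels, the role-to-data mapping (`DATA_OWNERS`), the detection rules, the sample paths and the sample content are all constructed for illustration and are far cruder than a real agent's.

```python
"""Added example (not Digital Guardian's code): a toy data-aware policy engine
covering the three requirements: identify, monitor, protect contextually.
Labels, roles, detection rules and sample data are constructed for illustration."""
import re
from dataclasses import dataclass
from enum import Enum


class Label(str, Enum):
    PUBLIC = "public"
    SOURCE = "source_code"
    PII = "pii"
    PCI = "pci"


class Action(str, Enum):
    READ = "read"
    PRINT = "print"
    COPY_USB = "copy_to_removable"
    EMAIL_EXT = "email_external"
    CONFIGURE = "configure_device"


# --- 1. Identify: classify content every time it is written ----------------
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")       # 13-16 digit groups
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")          # US SSN shape, illustrative
SOURCE_MARKERS = ("#include", "import ", "package ", "def ", "class ")


def luhn_ok(digits: str) -> bool:
    """Luhn check so that arbitrary 16-digit strings do not trip the PCI rule."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> Label:
    """Return the most sensitive label that applies (PCI > PII > SOURCE > PUBLIC)."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            return Label.PCI
    if SSN_RE.search(text):
        return Label.PII
    if any(line.lstrip().startswith(SOURCE_MARKERS) for line in text.splitlines()):
        return Label.SOURCE
    return Label.PUBLIC


# --- 2. Monitor: the label travels with the data ---------------------------
@dataclass
class TaggedFile:
    path: str
    label: Label


class Endpoint:
    """Toy view of one endpoint's files; a real agent hooks these in the kernel."""

    def __init__(self) -> None:
        self.files: dict[str, TaggedFile] = {}

    def write(self, path: str, text: str) -> Label:
        # Re-classify on every create/modify, not only at inventory time.
        self.files[path] = TaggedFile(path, classify(text))
        return self.files[path].label

    def move(self, src: str, dst: str) -> TaggedFile:
        # Moving keeps the label: knowing where data "used to be" is not enough.
        f = self.files.pop(src)
        self.files[dst] = TaggedFile(dst, f.label)
        return self.files[dst]


# --- 3. Protect: decide from data sensitivity, user and circumstances -------
@dataclass(frozen=True)
class Context:
    user: str
    roles: frozenset
    on_corp_network: bool


# Assumed mapping of which business role may handle each class of data.
DATA_OWNERS = {Label.PCI: "payments", Label.PII: "hr", Label.SOURCE: "engineering"}


def decide(f: TaggedFile, action: Action, ctx: Context) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly allowed is denied."""
    # Administering the device never requires reading the data stored on it.
    if action is Action.CONFIGURE:
        return "admin" in ctx.roles, "device configuration needs the admin role"
    if f.label is Label.PUBLIC:
        return True, "public data"
    owner = DATA_OWNERS[f.label]
    if owner not in ctx.roles:  # an admin without the data role is refused here
        return False, f"{f.label.value} data requires the {owner} role"
    if action is Action.READ:
        return True, f"{owner} may read {f.label.value} data"
    if action is Action.PRINT:
        return ctx.on_corp_network, "printing allowed only on the corporate network"
    # Removable media and external email are exfiltration paths: blocked everywhere.
    return False, f"{action.value} of {f.label.value} data is blocked"


if __name__ == "__main__":
    ep = Endpoint()
    ep.write("/home/alice/notes.txt", "Customer card 4111 1111 1111 1111 exp 12/27")
    moved = ep.move("/home/alice/notes.txt", "/media/usb/notes.txt")
    admin = Context("bob", frozenset({"admin"}), on_corp_network=True)
    print(moved.label, decide(moved, Action.CONFIGURE, admin), decide(moved, Action.READ, admin))
```

The ordering in `decide` is the point: the device-administration check runs before any data check, so an administrator can configure a device holding card data yet is refused when trying to read that data, and the network check applies only after the role check has passed, so "allowed on the corporate network" never overrides "not your data".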
Reacting to previous breaches can plug holes in an organization’s defenses, but this is not a sustainable strategy. By applying protection directly to data, organizations gain continuous visibility to data creation and use. If you know where your data is at all times, policies controlling its use (and blocking misuse) are simpler to implement. In short, data-aware security protects sensitive information without the guesswork.
Salo Fajer is chief technology officer at Digital Guardian.
This article originally appeared in the July/August 2015 Issue of Network Computing UK.