Three Keys to Putting Data-centric Security Theory into Practice

Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures aimed at protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say traditional security solutions don’t work in cloud environments. Still, the march toward the cloud continues. According to a recent study in 2022, 83 percent of organizations surveyed said they were using either a hybrid or multi-cloud environment. More and more of them are experiencing security issues. Thales reported that 45 percent of surveyed businesses experienced a cloud-based data breach or failed audit in the past 12 months, up 5 percent from last year. For organizations to close the security gap they face in protecting new on-premise database architectures and cloud-native environments; they must take additional steps to meet the challenge.

In this post, based on a recent paper by Kuppinger-Cole Why Your Organization Needs Data-Centric Security, we will discuss the concept of data-centric security. Deceptively simple in theory, data-centric security requires a careful strategic approach to translate into a practical data security fabric that wraps protection across an organization’s architecture. There are three pillars that support effective data-centric security; a layered approach to data protection, unified data visibility, and automated data analytics. We’ll provide an overview of each pillar and explain how they fit together to ensure you can protect all of your data stores.

AppSec/API Security 2022

1. The layered approach to data protection

The data-centric security journey begins with establishing a layered approach to data collection. Instead of trying to build an uninterrupted perimeter around all systems containing sensitive data, multiple physical, technical, and administrative controls should be strategically deployed to ensure that each risk is mitigated by several steps. in different locations. Ultimately, multiple logical layers of protection controls are placed around sensitive data, as close to it as possible.

These layers cannot work independently. They must work in tandem, with organization-wide security and compliance policies that must be translated into specific rules that discrete systems and applications can understand. To ensure that layers work well at scale, unified visibility and strong orchestration and automation capabilities must be integrated into the strategy.

Bringing machine learning into this approach provides real-time correlation of security telemetry across layers and offers intelligent decision support. This, in turn, improves efficiency (significantly reduced data to process and fewer ‘false positives’) and can support full automation of threat detection.

making data centric security theory a reality Image 1

Picture 1 – Layered, data-centric approach to information protection.

2. Unified data visibility

To achieve unified visibility across all data repositories, you must have tools to simplify, standardize, and automate compliance, data protection, and privacy management processes. It needs to work in structured, semi-structured, and unstructured data environments, or integrate with existing workflows by integrating with tools such as Splunk and ServiceNow.

Unified visibility makes it easy to get an accurate understanding of where your sensitive data is, whether it’s protected, who’s accessing the data, and what they’re doing with it. You must be able to scale to cover all of your sensitive data, structured, semi-structured, and unstructured, on-premises, in hybrid clouds, and across multiple clouds, so you always have full visibility into your risk coverage and have of the ability to respond appropriately.

Unified visibility also enables continuous scanning of your network to identify servers and services that contain sensitive data. Continuous monitoring of changes will identify any new instances or new sensitive data objects. Deploying a classification engine that uses regular expressions will automatically identify many of the data types covered by regulatory mandates such as SOX, HIPAA, PCI DSS, CCPA, and GDPR. You can also customize the classification rules for your organization’s own unique data characteristics.

For both compliance and security purposes, unified data visibility allows you to observe and document who has access to data, and whether that access is necessary or too permissive. You can also ensure that the individuals who maintain the data stores and their controls are different from the people who audit data access and activity.

3. Automated data analytics

The last pillar, automated data analytics, uses the collection, maintenance, and management of audit data information presented only in a unified view to automate detection and remediation. It also eliminates the manual labor associated with compiling and archiving log files and other records. Data analytics provides immediate live access for audit discovery and security forensics. This, along with automated reporting tools, takes the pain out of compliance reporting and speeds up the entire audit process.

Automated data analytics provides continuous monitoring for proactive breach prevention and monitors access to the user data repository to identify policy-violating behaviors, as well as complex and evasive ones exploitative behaviors that cannot be prevented by internal database controls and cannot be detected by other database security solutions.

Purpose-built analytics engines recognize signs of potential account compromise or malicious insider behavior, enabling security teams to investigate before they become compliance violations or breach incidents in the data.

Data analytics enable rapid response and resolution for any type of security or compliance problem discovered, providing dashboards and incident reports in clear language that your compliance and security staff can easily understand. You can follow up and resolve incidents using automated workflows, or you can use integration playbooks to export incident details to other ticketing systems or Security Orchestration Automation and Response ( SOAR).

There is more than one way to design and implement a data-centric security architecture that fulfills the conceptual principles we’ve outlined here, but these are the key pillars needed to create one.

To learn more about creating a data security fabric that features a data-centric approach, download Kuppinger-Cole’s recent paper Why Your Organization Needs Data-Centric Security.

The post Three Keys to Turning Data-centric Security Theory into Practice appeared first on Blog.

*** This is a Security Bloggers Network syndicated blog from the Blog written by Bruce Lynch. Read the original post at:

#Keys #Putting #Datacentric #Security #Theory #Practice #Source Link #Three Keys to Putting Data-centric Security Theory into Practice

Leave a Comment