In 2022, the case for data-centric security is expected

In 2022, the case for data-centric security is expected ...

As it pertains to cybersecurity, the start of the new year has seen everything but new beginnings. Unfortunately, four months into 2022, the reality of our cyber crisis is still more of the same number of attacks and breaches, yet the same reluctance to turn away previously safeguardes and outdated methods that are failing on a global scale.

Cyberattacks have spawned a new facet of war, involving major chip manufacturers, multi-billion dollar news corporations, automobile manufacturers, schools, and oil firms. These include, in part, a variety of attacks that resulted in a service loss, a loss of revenue, and a data loss.

This aforementioned list of organizations isnt backed by small mom-and-pop corporations with limited cybersecurity budgets. It is staffed with name-brand global corporations with significant investment in sophisticated security protections. Why, therefore, do the corporations that basically accomplish what they are supposed to do, at least by a common industry convention, still end up in the headlines? Because these attacks, like a majority of the 2021 incidents that preceded them, were common byproducts of the lack of data-centric security across the internet

The film has been seen tens of thousands of times, but keep misinterpreting the sequence: the bad guys aren''t stealing the network (or destroy) the information.

All too often, enterprises are exposed for failing to adopt security standards that align with an evolving threat landscape, where highly skilled threat actors and ransomware gangs are more capable and more well-funded than ever. Today, common cybercriminal can easily bypass the thin veil of passive security controls that exist in data storage systems, allowing them to silently and often steal or destroy large volumes of unstructured data for malicious and monetary gain. There isnt a secure way to safeguard that data.

The scope of a major improvement in technology is long overdue. Instead of engaging with a limited focus on the constantly-changing tactics, techniques, and procedures of attackers, enterprises must place a higher priority on actively protecting their assets. That is the fundamental component to data-centric security, rather than from the perimeter.

The technology behind data-centric security

Adopting a data-centric security model begins with re-orienting the focus away from traditional network-based security strategies in favor of those where data is born. Artificial intelligence and machine learning help to combine active security controls with advanced compliance and monitoring, generating real-time internal visibility to better identify, detect, respond, and recover from encrypted attacks on unstructured data assets.

Through a unified approach, these solutions, compatible with any on-premise, cloud or hybrid network environment, boost data maturity.

  • Data protection: Securing both primary and secondary data files from compromise, loss, theft, or corruption while providing the integrated capability to quickly restore the data to a functional known good state in the event of a breach
  • Data storage: Providing scalable utility architecture to efficiently store data while prepreserving the accuracy, completeness, and quality of data as it is made accessible to users over standards-based protocols
  • Data compliance: Minimizing threat vectors bycertifying that all systems enforce the required data security policies on a continuous basis, and that all users comply with regulations to prevent misuse, theft, or loss of sensitive assets.

The organization''s cyber ecosystem is enhanced by cyberstorage capabilities that aren''t easily accomplished through external-based network systems. The real-time guidance provides the necessary ability to not only prevent breaches, but also to quickly respond to them and mitigate their impacts.

In a complex security ecosystem, cyberstorage is not a substitute for network-based cyber solutions, but rather a key ingredient that has been missing in the recipe to protect against modern data-centric attacks, like ransomware, data theft, sabotage, and... all of these incidents.

How to Maintain data-centric security

It''s not to be difficult to implement data-centric security. It''s all down to three key steps:

  • Reorient your perspective
  • Layer and compartmentalize
  • Establish a feedback loop

Before starting investing in the actual technology behind data-centric security, it is essential for businesses to develop the notion of a data-centric approach. The first step is to stop thinking about security as a doors and windows problem you know, just lock the doors and windows to keep the bad guys out, instead consider it in the context of the asset you are most interested in protecting. Ask yourself, if the threat is so severe, then what defenses can ensure my data remains secure?

Most companies lack visibility into what is actually happening with their data, how much it is being used, who has access to it, and what makes normal use more effective. However, before you reach that point, you must have a clear understanding of how to logically categorize users and applications by function, and then implement controls in layers to ensure protection.

Security is a living and breathing thing. Organizations must continuously improve their defenses as a result of the growing threat landscape. By combining information from multiple sources, you can continue to transform it into a system that can even evolve right alongside the threats. Sources like audit and change logs, admin and user access patterns, and policy changes provide a basis for machines to learn and improve defenses autonomously.

As data is expected to triple in the next several years, data-centric security must begin with looking beyond what humans alone can do. Humans create the business rules, but it is the technology that makes them happen. With the volume of data being stored expected to triple, this must begin by recognizing where that data is and how security savvy these storage systems are.

Making real, tangible progress towards strengthening organizational security can only be achieved by cyber resilience from protecting data at the core. We can take action to ensure that 2022 will be a year of positive change, not just more of the same.

Eric Bednash is the CEO and cofounder of RackTop Systems.

You may also like: