With data breaches on the rise, companies must remain vigilant in safeguarding their assets. Failure to stay in front of data threats will inevitably result in breaches, financial losses, and tarnished reputations.
For years, companies have focused on perimeter security to thwart the ever-increasing number of data threats. But now, with more than 50 percent of security breaches perpetrated internally, perimeter defenses are no longer sufficient for securing data.
Today, companies need to extend their data infrastructure across business units, partners, suppliers, customers, and a growing mobile workforce. The outsider is now an insider. Because of this, companies must adopt an enterprise data protection strategy that protects data from the core to the edge of the enterprise: an end-to-end encryption solution across databases, applications, networks, and endpoint devices. The result is secure data at all times: at rest, in motion, and in use.
Derek Tumulak, vice president of product management at SafeNet, suggests the following steps when developing an enterprise data protection security strategy.
Data classification is an important element of achieving data privacy. When performing this task, you should determine data confidentiality levels, identify and classify sensitive data, determine where sensitive data is located, and determine data access models.
Once the data identification and classification process is complete, you are ready to develop a security policy, which turns enterprise expectations into tenable objectives.
Determine an acceptable level of threat, keeping in mind that the earlier in the data processing life cycle the data is encrypted, the more secure the overall environment.
Develop an authentication and authorization policy that leverages best practices and historical information to help determine which users, processes, and applications have access to sensitive information.
Identify the legislative measures that apply to your organization, and, once an acceptable threat model is agreed upon, translate those legislative requirements into technical requirements.
Implementing a data privacy solution can be done at multiple points within the enterprise. Choosing the point of implementation dictates the work ahead and significantly affects the overall security model. Encryption modes include network-level, application-level, database-level, and storage-level.
When considering a data privacy solution, there are clear choices regarding the modes of implementation. All of these options vary in terms of security model, yet each provides a level of protection aligned with the potential requirements of an enterprise. Options to consider include secure key management; cryptographic operations; authentication and authorization; logging, auditing, and management; backup and recovery; and hardware.
In addition to reducing IT expenses, it is important to leverage existing technology standards that will help ensure security, performance, scalability, interoperability, and supportability of the overall solution. Furthermore, by leveraging existing technology where appropriate, enterprises can more quickly and effectively deploy a complete data privacy solution.