By Vishal Salvi
Gone are the days when data was limited to megabytes and gigabytes. Every sector now must deal with data in exceedingly large volumes. Also, data is being generated and stored beyond organisational boundaries and nearly every business is now data-driven.
This vast data is exposed to different types of cyber threats and vulnerabilities. Threats typically refer to an attack by an external and internal body while a vulnerability refers to a gap, weakness or flaw existing in the system or network that could be exploited to cause any kind of data breach or loss. According to the latest reports, the average cost of data breaches has risen 12.7% from $3.86 million in 2020 to $4.35 million in 2022.
Organisations must understand the various ways they can protect their data to keep it safe from the constant threats and vulnerabilities that exist in today’s volatile environment.
Understanding Data Protection
Data protection is the process of protecting data from damage, loss, or corruption. An organisation could implement data protection framework to maintain data confidentiality, integrity, and availability along with privacy for user data. The framework can define policies, processes and adopt technology-based solutions to implement practices around the collection, storage, and handling (including deletion) of data that prevent it from being lost or damaged.
The adoption of a data protection framework ensures your data is safe through the data life cycle.
Data Governance
Organisations must conduct an analysis of its data assets and relevant threats to develop a data protection policy that determines the risk tolerance for every data category and implements technical and organisation controls.
Data Discovery and Classification: Discovering where the enterprise data resides and applying appropriate classification labels based on business criticality, sensitivity, and compliance requirements is the first step to safety. This step also identifies data owners and custodians across the organisation.
Also read: Cybersecurity challenges that could potentially arise in the 5G era
Identify & Access Management
Authentication is the process of verifying who someone is, whereas authorization is the process of verifying what specific applications, files, and data a user has access to. Identity and access management (IAM) solutions ensure that access to data is provided as per the needs of the job or role.
Identity systems are coming under sustained attack. Misuse of credentials is now a primary method that attackers use to access systems and achieve their goals. For example, in the SolarWinds breach attackers used a supplier’s privileged access to infiltrate the target network. Gartner lists identity system defence as the second most common cybersecurity trend for 2022.
Data Encryption and Key management: Encryption is a method of protecting data even when it is stolen. Unless the threat actor has the decryption keys, it’s impossible to access the data.
Encryption is only as safe as the algorithmic key that is used. Digital key management solutions can ensure the encryption keys are protected and their life cycles are managed so that attackers or unauthorised users don’t gain access to keys.
Information Right Management: Policies on granular data access rights must be devised to protect against unauthorized user access within or beyond the boundaries of your organisation.
Data loss prevention (DLP): DLP technology includes offerings that provide visibility into data usage and movement across an organisation. It also involves dynamic enforcement of security policies based on content and context for data in use and at rest. DLP tools prevent data from being lost due to theft, deletions, or exfiltration or even leakage.
Data Replication and Disaster Recovery: Data must be backed up regularly and stored securely in a different location to ensure that business can continue as usual even when the data is damaged or lost due to accidents, attacks, or calamities.
Data Erasure: Data protection and compliance laws require secure deletion of data once the processing is done to prevent further hacks. Storage limitation is a core principle of privacy regulation and can lead to penalties.
Extended Detection and Response (XDR): Extended detection and response (XDR) integrates data from any source to stop modern attacks. XDR is a security measure that provides granular visibility by collecting and correlating data. The sources of data could be email, endpoints, servers, cloud workloads and networks. XDR helps security teams identify, investigate and handle threats across multiple layers of security and combine into a single incident.
Adoption of Zero Trust Architecture: Zero trust is the concept of shifting from the conventional perimeter-based security to a data-centric security approach. Under Zero Trust, every user is always verified even if they were authenticated earlier.
Privacy & Security by Design: This means designing products or services with privacy and security measures at the planning stage. It includes implementing data security frameworks, processes, and policies to mitigate risks of user data exfiltration before a product goes live. It involves IT, legal, and product design teams to work together.
Data is now an enterprise-wide corporate asset. Organisations must think of security controls for on-premises, cloud infrastructure, applications, and mobile devices. Data should be audited and monitored at all stages of the data lifecycle to help organisations stay compliant with different regulatory requirements.
(The author is Chief Information Security Officer and Head of Cyber Security Practice, Infosys. Views expressed are personal.)
