As companies around the world turn their attention to advanced threats endangering their most sensitive data, one category is commanding much-deserved attention: insider threats. With 44.5 percent of attacks perpetrated by malicious insiders, guarding against these incidents is becoming a pressing concern.
An effective way to tackle insider threats is with an integrated approach that accomplishes two related goals. First, organizations need to reduce their exposure to insider threats by securing their critical data and governing their identities. Second, they need to monitor the actions of their authorized users to detect any anomalous behavior using security intelligence. In this post, we will focus on the first piece of that integrated approach: securing sensitive data.
To protect an Organization’s most sensitive data, it is important to have a mature data security strategy in place. That strategy will help determine who owns the data, where it originated, how sensitive is it, what it can be used for and so on.
Organizations can follow a systematic, five-step approach to protect their data with the highest business value, commonly known as crown jewel data, as depicted below:
Taking time to understand the Organization’s strategic goals and how data security fits into these goals will provide guidance to the overall data security program. The initial phase of the five-step approach should focus on assessing the organization’s goals and objectives and ensuring appropriate policies and standards are in place. Stakeholder interviews, reviews of data management policies and standards, and any other relevant existing documentation should be included in the assessment to understand the current capabilities.
As part of this phase, it is also important to obtain agreement among the various IT and business stakeholders on what the critical data is, the impact that data has to the organization if it is lost and the required security control baselines to protect that data.
Knowing where your critical data is located within the organization is an important step to ensure it is adequately protected with multilayered security controls. Without having an understanding of where the critical data is stored, any security controls will have to be implemented across all systems, no matter if the system contains critical data or not, and that is not cost effective.
Once the organization’s current data environment is understood, a data discovery should be done across the organization’s structured and unstructured repositories to identify and classify critical data stored within those repositories. As these discovery results are gathered, a data catalog and taxonomy should be created to manage the findings.
