Without a doubt, the biggest threat to an organization’s cybersecurity is its people. Either willingly through an insider attack or unwittingly through social engineering, most breaches occur with significant internal cooperation.
“Jan, I’m tied up in meetings all day and need you to purchase $500 in Apple Cards immediately and send them to me as gifts for our clients.”
Does this shady text or email sound familiar? At some point, we’ve all received a version of these phishing scams, often purportedly from a CEO or senior leader, asking us to click on a link, update software, or purchase an odd amount of gift cards. Ironically, it’s often our desire to be helpful that gives bad actors a foot in the door. As more organizations look to “democratize” data or make it accessible to more business users, it’s paramount that teams receive regular training and education to help them recognize various types of threats and understand procedures to properly handle such incidents.
Network security has traditionally been thought of as outside versus inside: bad actors outside, good actors inside. But with the rise of cloud and with access to networks by mobile phones, desktops, laptops and any number of other devices, it’s no longer feasible or responsible to have such a neat separation.
Businesses should instead implement a zero-trustarchitecture: Essentially, a network-wide suspicion of anyone or any device inside or outside the perimeter. Rather than giving every employee or contractor complete network access, start with minimal permissions or those they need for their role and require authentication on every network plane. This establishes more layered security that makes lateral movement more tedious should a bad actor break through the door or be given a key.
The future is hybrid. A modern data strategy can no longer be one-dimensional. Not on-premises or cloud or multicloud, but a seamless marriage between them.
Organizations must have a platform that’s scalable, adaptable and flexible: scalable to properly store and process massive amounts of data and diagnose vulnerabilities before they become a breach; adaptable to quickly build machine learning (ML) models on new data sources; and flexible to allow data and workloads to freely move to optimize cost, performance and security.
A hybrid model allows high-value, deeply sensitive data to remain on-premises while taking advantage of the elastic, cost-effective properties of multicloud to manage less sensitive information. When developing a hybrid model, ensure your platform can enforce consistent security and governance policies throughout the data’s entire lifecycle, regardless of where it’s stored or moved to, or what it’s used for.
For data to be used responsibly and effectively, it must be secured and governed consistently.
