4 Keys to Managing Data Breach Risk

With organizations amassing massive volumes of data, bad actors are accelerating efforts to gain data access and steal corporate, personal, and sensitive data. With data breaches hitting the news cycle continually, there is a lot of noise out in the marketplace on the best way to protect and secure sensitive data. It is important for organizations to not try to boil the ocean, but look to take some fundamental steps, and do them well, to put them in the best position to protect from or react to a breach.

I am going to touch on the 4 key steps every organization should take and can do to better protect and respond to threats, those being

• Sensitive Data Insight
• Security Posture Management
• Access Intelligence
• Breach management

Have Sensitive Data Insight

I believe the first and  foundational component for any organization in being able to protect themselves from data breaches is having insight and an understanding of the data. It is crucial to understand both what sensitive data exists, within your organization as well as where that data exists. With the amount of data, and the number of systems growing rapidly, especially in cloud environments, no organization can boil the ocean. To be able to best protect sensitive data against exposure, with limited resources, having insight into what to protect and where is crucial.

One of the easiest ways for bad actors to access sensitive information, is to gain access to data assets that your organization is not ever aware of, and can contain sensitive data. Many companies face the problem of dark data assets, which are simply data assets (databases, storage and file servers, applications etc.)  that contain data, which your organization and security team is unaware of. In many cases,  dark data assets spring up when an organization migrates data and forklifts assets from on-premises to the cloud. In other cases they pop up because users, such as data scientists or BI analysts, decide to spin up their own environments, download and utilize their own tools, and dump data into them for discovery.   It is easy for these unprotected, unknown assets, to be vulnerable to breach.

To lay the foundation to protect against and deal with data beaches, insight must be gained on all sensitive data, and the data assets that contain the data, including dark data assets. It is necessary to have a complete view of all sensitive data, structured and unstructured. The sensitive data insight must be collected across a variety of data clouds as well as on premises, in IaaS, SaaS, and streaming environments. This allows organizations to prioritize limited resources, protect against breaches and lays the foundation for other key components that protect and deal with data breaches.

Effectively Manage Data Configuration Security Posture

After laying the foundation of understanding what data assets and sensitive data exists within your organization, the next step is to manage the security posture of the solutions that contain and can access that sensitive data. WIth so many systems now spanning multicloud environments, it is difficult to have insight into if assets that contain sensitive data are configured correctly to best protect the data. Cloud misconfigurations are the leading type of cloud security vulnerability. Misconfigurations tend to occur due to the flexibility of configurations and the complexity of the clouds. The problem is exacerbated by the need for developers and administrators to do more in a finite amount of time.  There is also the problem that arises with various differences among clouds, applications and tools, each with their own unique sets of distinct settings, policies, and assets.

Organizations need to understand the underlying data the assets contain and gain holistic insight into the security posture of  SAAS and IaaS assets spanning the multicloud as well as where to focus security efforts. Because the frequency and scale is too large to be done effectively in a manual manner, you must leverage an infrastructure that  automatically alerts, in case of errors, as well as automatically fixes misconfiguration problems.  This is a key way to ensure that your sensitive data is protected from the threat of breach.

Gain Insight Into Sensitive Data Access

Recent data breaches show involved attacks in which stolen employee tokens were utilized to access sensitive data. A way to minimize the risk of exposing sensitive data even if employee credentials are compromised is by having a deep understanding of who is accessing what sensitive data within your environment. By gaining insight into roles and users that are accessing sensitive data, the multiple paths users might take to access sensitive data, you can put in place an access model that minimizes the paths a hacker might have to gain access to the data.

The ability to tie users and roles to an understanding of the underlying sensitive data allows organizations to put in place a “least privileged access model” that grants the minimum level of privileges to any user or role. It ensures that just the level of privilege that is essential for a user to perform their job. It is a model that even when credentials are stolen,  can help minimize the number of possible targets that can expose sensitive data.

Effectively Respond to Breaches

In the eventuality of a breach it is critical that an effective and automated process is in place to ensure a rapid and timely response. Organizations need to take a number of crucial steps to respond to an incident. You must have a mechanism in place to easily identify whose data was impacted & what data was compromised. At the same time it is necessary to gather insights into residencies of impacted individuals and corresponding global regulations that apply. The requirements on how you respond to a breach can differ greatly depending on what data was impacted and the geographic location of the owners of the data. Organizations can face a large financial impact depending on the type, scope and regulation tied to the breach. It is also a key step in dealing with a breach to clearly understand the financial ramifications of any data breach.  Once this is all known, there is the process of responding to the breach by informing the global regulators as well as the individuals impacted. To do this rapidly and effectively as much of this process as possible must be automated.