Add to favorites
Want to avoid seeing your corporate data appear in WikiLeaks?
However much you thrive on the roller coaster of business, one adrenaline rush you want to avoid is finding out that your corporate data is on WikiLeaks.
CIOs face the dichotomy of running an agile, flexible, data-sharing organisation while ensuring they are keeping corporate data safe. Much of the data being shared is sensitive in nature and if it gets into the wrong hands the results would be disastrous.
The good news is that it is possible to strike a delicate balance between an agile data model and strong data security.
When it comes to safeguarding data, establishing role-based, data-level security settings and encryption at rest are key to ensuring that data is only shared with appropriate individuals or organisations.
Take, for instance, the activities involved in supporting NHS patients or insurance customers. A doctor or financial analyst should have access to a great deal of patient or customer personal information. On the other hand, a call centre handler booking appointments or renewing policies only needs a restricted view of the same data.
Based on our work with security-conscious organisations, including global banks, here are the key factors that need addressing:
Redaction: Using redaction makes it easy to mask sensitivedata for certain audiences. By removing, replacing or blocking out details such as personallyidentifiable information (PII), it is easy to share custom views of your dataand prevent leakage.This feature has the added bonus of helping with compliance as it provides support for regulations including EU GDPR.
Advanced encryption: To protect data from cyber criminals and insider threats, organisations need to implement encryption in a more systematic way. Advanced encryption involves the selective and transparent encryption of data, configuration and logs. With its automatic and fast granular key rotation, standards-based cryptography and advanced key management, advanced encryption provides separation of duties between the security administrator and any system, network or database administrator to decrease the risk of potential exposure.
Standards Focus: Ensure you use data management products that support standards such as Common Criteria Certification, a stringent standard for computer security. Additionally, look for compartment security, data auditing, strict access controls as well as authentication tools that work with your organisations existing IT infrastructure.
Principle of least privilege: This is the process of deciding which users, programs and processes require access to the information in any particular layer of a computing environment. This includes application security controls around the databases APIs and security capabilities.
RBAC at scale: Role-Based Access Controls that manage individual users access to data dependent on their role have to be deployed at scale or designed with very granular roles and access controls to ensure performance isnt impacted at times when there are high volumes of data being added or queried.
Element level security: While older databases offered security at the document level, the latest technology has made it possible to increase granularity and hide specific elements within a document from users. Security at the element or property level based on an employees role enables companies to protect sensitive information throughout the life cycle of a document.
Certificate-Based Strong Authentication (CBA): CBA ensures the use of an encryption key that is unique to the authentication device and the user. CBA can also be used to digitally sign transactions and provide proof of the integrity and origin of data, also known as non-repudiation.
Effective data governance policies: Its important to implement and follow effective data governance policies and best practices such as maintenance of access controls, metadata, data quality and security features. If your database platform allows attributes to travel with the data, then the policy enforcement can be more granular and effective.
Separation of duties: This security method is used to manage conflicts of interest, the appearance of conflict of interest and fraud. By carefully restricting the types or amount of data any one individual employee can access, it creates a naturalbarrier to fraudulent activity.
Use the strongest available authentication: Using the highest level of authentication ensures the security and quality of the data.Examples include, LDAP, Kerberos and an external Key Management System.
Use SSL/TLS: Last but not least, Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL) is essential to encrypt all communications between all the different nodes and hosts.
We believe enterprises dont need to make a trade-off between data sharing and security. When your most sensitive and valuable data is being integrated across multiple silos of data, it takes a combination of products and processes to ensure that data is secure. But these capabilities can protect against some of the most sophisticated security threats companies are facing todayand in doing so, provide a competitive advantage.
Read more here:
How to keep your data out of WikiLeaks - Computer Business Review