Greg Sullivan, CEO, Global Velocity
When P.F. Chang’s China Bistro Ltd. this month reported a data breach that had targeted customers’ credit and debit card numbers has been contained, and the company is providing identity protection services for customers who may have been affected. The Wall Street Journal reports one key piece of information that should sound the alarm bell to all companies: some of the suspected breaches date back to October 2013. Cyber thieves share the same motivation of the businesses they’re attacking: to make money. Their tactics are targeted and difficult to detect for even the largest companies with sophisticated security systems and trained personnel. Too much information security spending still focuses on the prevention of attacks, while not enough has gone to improving (or simply creating) information monitoring and response capabilities. The priority must shift from protecting networks from the outside-in to securing data from the inside-out, an approach I call “information-centric security.”
As workers have become more mobile and able to work remotely, first with laptops and now on their smartphones and tablets, IT departments must contend with more devices accessing information stores from outside the network. The advent of cloud computing services enables remote workers to bypass the network and VPN entirely.
Traditional network security measures can no longer prevent today’s advanced, targeted attacks. IT does not control the majority of user devices (BYOD) or the cloud services employees use every day, which significantly increase the risk of a data breach. A new security model is needed in order to protect the data, itself.
Instead of securing networks from the outside-in, organizations must adopt an information-centric approach. This requires monitoring where files are kept, how they are used and where they are being sent to in order to rapidly detect and respond to a potential breach. There is still value to hardening your network and using endpoint security software to try to keep the bad guys out, but those steps are only part of a larger strategy that must address the fact that so much information is outside the company’s servers and being accessed by so many different devices.
You must know exactly where sensitive data lives at rest, employing technologies like document fingerprinting, pattern matching, keyword dictionary comparisons and other techniques that can track the genealogy and chain of custody of digital files.
You should also pay close attention to your sensitive data when in motion, and that requires pervasive monitoring to identify meaningful deviations from normal behavior that signal malicious intent. This can include examining file location, when, where, and what devices are being used, including IP addresses and URL reputation.
This combination of content-aware monitoring plus context-aware monitoring equals information-centric security: knowing your digital assets are protected against unauthorized use, disclosure, modification, recording or dissemination.
Traditional antivirus software is not obsolete, but the practice of solely relying on it to protect your data is. It simply cannot keep the bad guys out, and when those attackers do break through the network security system, they can sit quietly for months or even years stealing data before they’re discovered and the damage is done. The fact organizations are moving more information to cloud or SaaS-based services, and permitting employees to access that information with their own personal devices, makes an attacker’s job easier and increases the risk of accidental loss by a well-meaning employee. Instead of fighting to keep the attackers out and prohibiting the use of cloud computing applications or forcing employees to use IT-issued laptops and smartphones, adopt an information-centric approach that enables real-time monitoring of data at-rest and in motion to better protect what the cyber thieves value the most – your data.
About the Author
Greg Sullivan is CEO for Global Velocity, a company pioneering new approaches in securing information. Mr. Sullivan is the former Founder & CEO of G. A. Sullivan, which he sold to Avanade, a company jointly owned by Microsoft and Accenture. G. A. Sullivan appeared for four consecutive years on the Deloitte & Touche FAST 500 list of fastest growing technology companies, and three years on Inc. Magazine’s Inc. 500 list of fastest growing private companies. Accolades include Ernst & Young’s 2000 Entrepreneur of the Year and the U.S. Small Business Administration’s 1999 National Small Business Person of the Year.