With the recent upswing in COVID-19, many businesses have started to realize the benefits of moving their On Premises infrastructure entirely onto a major Cloud based platform, such as AWS or Microsoft Azure. While this does have many advantages, one common theme coming out in the headlines is data leakage.
This can happen either because of a malicious attack, or simply because a negligent employee left the door wide open. No matter how it happened, the key thing that you need to do is to act on it quickly and mitigate the risk of further data falling into the wrong hands.
How can one accomplish this? We examine some tips in this article.
Here Is What Can Be Done
- Get a thorough understanding of your data:
Unfortunately, when CISOs are asked what their data is all about, many of them simply cannot give an answer. The bottom line is that they just do not know. In order to avoid data leakage, one must have a firm understanding of the datasets that are being collected. Once there is a baseline understanding of this, a classification scheme needs to be established that ranks the datasets in terms of their importance and criticality. Obviously, in a perfect world, all of them should receive the same amount of attention, but because of limited resources, this is not a feasible solution. Therefore, based upon how you have categorized your datasets, the most crucial ones should have the most controls associated with them, as well as constant monitoring.
- Just don’t give all of the attention to one type:
Generally speaking, there are three kinds of datasets that a company deals with:
- Data At Rest;
- Data In Motion;
- Data In Use.
Many organizations fall into the trap of thinking that all of the protection should go to the first category, because the common belief is that the Cyberattacker is going to target the databases first. While this is true to a certain extent, the second category needs just as much or even more attention. Given that the Remote Workforce is now connecting remotely to the central server, any data in transit (or motion) can also be targeted by a malicious third party. To avoid this situation, using VPNs has now become the norm. While the VPN has proven to be a great tool, it is showing signs of breakdown because it was simply not designed for so many people to be using it all at once. As a result, you should explore other more sophisticated options that are coming out, such as the Next Generation Firewall, which is designed to handle a much higher workload.
- Carefully select your vendors:
With businesses being quickly transformed into digital ones, the need to depend upon other vendors to help meet the demands of customers is now greater than ever before. But unfortunately, gone are the days when there was an implicit layer of trust with those you worked with. Nowadays, you have to very carefully choose, or “vet”, the external third parties you want to work with. After all, you will most likely be sharing some highly confidential information and data with them. Therefore, you need to have a dedicated individual or even a team that is exclusively devoted to accomplishing this task. There is no doubt that this can be a laborious and time-consuming process. But keep in mind that if your third-party vendor suffers a Cyberattack and some of your datasets fall into the wrong hands, you will be held responsible, not them. Not only this, but your business has now increased the odds of facing an audit by regulators, and harsh penalties imposed under the GDPR, CCPA, etc. As a result, the bottom line is that your vendor’s security practices and protocols should at least be on par with what you have.
- Make use of IRM:
This is an acronym that stands for “Information Rights Management”. With this, you are placing security protocols directly into the file itself, by making use of encryption and tightened user permissions. Take the example of a database. Instead of just securing the access to it, why not also implement other tools to further protect the records that reside in it? This way, you will maintain a very safe and secure versioning process, as your employees access and make changes to those records.
- Respond quickly:
If you are ever hit by a security breach, the first thing that you (the CISO) and your IT Security team must do is put out the fires quickly and contain any further spreading of it. This can only be done by having a rock-solid Incident Response (IR) plan in place. If your organization is large enough, you should probably have a dedicated IR team that can act as first responders. But keep in mind that simply creating this kind of plan is not a one and done deal. It must be practiced on a regular basis, with updates being made to it in real time.
- Passwords, Passwords, Passwords:
Love ‘em or hate ‘em, the password will be the de facto standard for gaining access to shared resources and other types of classified information/data. Don’t think you can get away from this, because even if you have a Zero Trust Framework already deployed, you will probably still be using passwords in it as one layer of authentication. Therefore, the best advice here is to make the use of a very reputable password manager mandatory for all employees, with no exceptions being made.
- Make sure to have Endpoint Security:
This goes back to the concept of Data In Motion. Many businesses are typically concerned with only the network flow of communications, but often disregard the points of origin and destination. The Cyberattacker is aware of this, and thus likes to hang out at these endpoints until the time to strike is at hand. All of this can be avoided by simply implementing an EDR solution at these trigger points.
Overall, this article has provided some timely tips that you can implement to help mitigate the risk of data leakage from happening to your organization. But keep in mind that this is not at all an all-inclusive list. AWS and Microsoft Azure also have their own sets of security tools that you can make use of as you create and launch your Cloud based infrastructure.