April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Don’t just secure the network – secure the breach: three simple steps

By Kirk Spring

As we’ve seen by recently reported hacks of healthcare networks, security breaches are becoming commonplace. Attacks on secure networks can come from internal or external sources. “Breach prevention” is no longer a workable strategy.

Instead, organizations must understand and accept that breaches will happen. Rather than making your top priority securing the perimeter, put the emphasis where it should have been all along – securing the data. In short, don’t just secure the network. Make it your real strategy to “secure the breach.”

There are three steps any agency must take to secure the breach and protect critical data:

  • Know where your data resides
  • Know how your data is stored and managed, and
  • Know who has access to your data.

Know where your data resides

You can’t protect data by securing the perimeter; you have to encrypt the data assets themselves. That way, you know that even if your network is breached, your data stays safe.

A solid encryption strategy means fully understanding where your agency’s sensitive data resides. Data encryption can cover structured and unstructured data over multiple locations. Where is your data stored -- in databases, file servers, endpoints or storage networks? Is in kept on-premise, virtually or in the cloud?

Remember that over time the value of your data changes. Some archived data may no longer be a security risk. On the other hand, new data usually demands an immediate security strategy.

Know how your data is stored and managed

Real security depends on the secret cryptographic keys to encrypt and decrypt sensitive data. When those keys are lost or stolen, it can threaten your whole data and security infrastructure.

Unfortunately, because of the volume and variety of encrypted data, we’re talking about millions of possible encryption keys. But keys are often stored in a variety of places (sometimes on the systems that actually contain the sensitive data). That leaves them exposed to being stolen or misused. And if the keys aren’t secured in transit, the security risk is even higher.

Good key management is essential; it’s almost impossible to protect keys if they’re isolated and disconnected. You need to adopt a crypto management platform across your extended organization to centralize management of the entire key lifecycle.

Security surrounding the key storage container is also critical. Without it, your encryption keys can be stolen, copied, and misused. Software key wrappers don’t protect encryption keys as well as hardware-based options. For better protection, consider vaulting keys in a hardware security module.

Know who has access to your data

While good crypto management will protect sensitive data, that data is only as secure as the people authorized to access it.

User identities must be both protected and authorized. With a strong authentication protocol, you can block unauthorized access and ensure accountability for people authorized to use data. And by having different user group use different authentication methods you can further prevent misuse of data and systems internally.

It’s clear that data breaches are becoming more widespread. Even as agencies continue to invest in outmoded breach prevention strategy, new ways to breach the network are being developed. That’s being complicated further still as networks and data are extending into the cloud and onto mobile devices.

Clearly, security needs to be attached to data. That’s the only way to maintain control of sensitive information on any device or platform, even when it falls into the wrong hands.

Encrypt all sensitive data at rest and in motion. Securely manage and store all of your keys. Control user access and authentication. With those three simple steps, you can be sure your data is protected, and you can be better prepared in the event of a security breach.

Kirk Spring is President of SafeNet Assured Technologies. He can be contacted at [email protected]


Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...