4 ways to improve data security in 2020

The stakes surrounding data security and risk mitigation rise with each passing year. Data breach costs continue to increase and potential threats grow more sophisticated. 

According to IBM, the average total cost of a data breach – after accounting for remediation, reputational damage and regulatory issues – has reached $3.92 million. While smaller organizations may not face expenses that high, addressing an incident could cost tens of thousands of dollars or more.

Security issues can also jeopardize the transition of workloads into the cloud. This prevents organizations from taking advantage of this technology and making progress toward full-scale digital transformation.

Organizations should keep data security at high priority in 2020 and use every opportunity to improve their security posture and safeguard databases, systems, applications, networks and other assets. Backup-as-a-Service solutions, along with more intensive security assessments, personnel training and advanced analytics tools, can play a pivotal role in those efforts.

In the article below, we’ll explore four options for boosting data security capabilities and preventing data breaches in the coming year.

1. Perform regular review and testing of controls

To stay secure, every organization needs a well-defined organizational structure for managing data security needs. Having a comprehensive security governance strategy in place removes confusion and ambiguity regarding security responsibilities. 

For that strategy to work, it requires regular updates to address shifting security requirements, emerging threats and changing best practices. It should be well-maintained between tests to ensure the organization is doing everything possible to prevent or mitigate a data breach.

To get the best results from a security strategy also requires consistent testing to ensure everything is in proper working order and every contingency covered. To that end, testing security controls should be a key priority. Access management is one of the most important components of modern cybersecurity. Compartmentalizing various platforms and databases helps to prevent unauthorized access or compromise to sensitive data and systems.

Revisiting governance this governance strategy also creates accountability both around security as well as workload management. A lack of accountability in these areas is a dangerous financial and security liability. If internal stakeholders don’t understand who’s responsible for data security controls and remediation efforts, organizations may be too slow to respond to a breach and minimize its impact.

2. Conduct security training for all key stakeholders

In the world of data security, your employees can either be a major asset or a huge liability. When staff members understand the malware and security threats facing the organization and know how to distinguish between legitimate and malicious activity, the business is in a far better position to prevent bad actors from penetrating their defenses. 

On the other hand, employees who are unfamiliar with security best practices and common cybercrime strategies put their own organizations at risk. Their accounts make easy targets for securing unauthorized access to sensitive data and applications.

With that in mind, regular and in-depth security training is an essential component of a robust security posture. As employees undergo such training, they begin to understand how an attacker might try to manipulate them. From here, they can recognize potential attacks and respond as necessary. 

Data security has often focused on external threats. But an organization looking to protect its data needs to pay just as much attention – if not more – to breaches that start from the inside. A 2019 survey of more than 1,000 information security leaders revealed that 69% of respondents reported data breaches stemming from an insider threat.

3. Monitor for internal threats – malicious or otherwise

Not all insider threats are malicious. Many of these result from ignorance regarding proper security measures. Poor security hygiene can be a systemic issue that includes everyone from ground-level employees to C-level executives. That same report found that 78% of CSOs and 65% of CEOs had clicked on suspicious links in the past. Moreover, 43% of business leaders use their personal email accounts to share documents and communicate with their colleagues. 

It should be obvious that this behavior presents major security risks. For instance, people often use the same login credentials for various personal accounts. If one is compromised, the rest will be at risk. By using their personal email for business purposes, employees widen the organization’s threat exposure.

Training for all employees will help create a company culture that values data security best practices. Routine training ensures people adhere to them at every level of the organization.

4. Build-in artificial intelligence-based security protection

Data security best practices have shifted from relying on perimeter-focused efforts to crafting strategies around threat remediation and incident response. It’s unfeasible to expect security mechanisms to block every threat and intrusion. Businesses need to prepare for worst-case scenarios. That entails detecting malicious activity after it’s breached perimeter defenses. 

Organizations should monitor their networks for any anomalous behavior that could indicate the presence of a bad actor. The next step is to analyze the available data to spot trends that indicate network or security flaws.

Accurate detection of malicious activity requires constant visibility combined with sophisticated analytics. Organizations can augment their monitoring and threat detection capabilities with the help of artificial intelligence-based security protection. 

AI solutions can analyze more data with a finer level of precision than any human operator could hope to match. They can comb through far more data and identify even the most subtle indication of anomalous behavior. This enables organizations to address cyber threats before they have an opportunity to cause lasting damage. AI-based security tools are also able to update threat signatures in real-time.  Meanwhile, they also help businesses keep up with cybercriminal activity and the rapid release of new malware strains.

Build up IT resilience to weather the data security storm

Given the high cost of a data breach, businesses need to make a concerted effort to upgrade their security strategies in this coming year. New threats will continue to emerge and exploit lingering vulnerabilities. Having the support of an expert MSP that constantly monitors your network and adheres to the latest security best practices will significantly reduce the risk of a costly data breach.

To learn how to introduce scalable and reliable data backup solutions into your digital transformation strategy, download our guide “6 Practices for Better IT Resiliency Planning”.

Check our previous articles in this series, “3 Ways Your Infrastructure is Preventing IT Resilience” and “Is Your Risk Mitigation Strategy Resilient Enough?“.

Protect your critical data and applications with our turnkey Backup as a Service solution. Reinforced by our deep understanding of data center and network technologies and enterprise-grade managed services, this offering helps you resolve issues faster and free IT resources to refocus on business transformation. 

Hardware and Platform Security: Mastering the Balancing Act

security

You want to allow users to be their most productive. So, you introduce manageability measures to easily deploy tools and enforce security standards that prevent threats without disrupting the flow of productivity.

Nonetheless, your users will always  take some steps to improve their own productivity (via apps and cloud services)  that also hampers manageability and leaves your data and services vulnerable to threats.

Respond with too many security features, however, and usability suffers – slowing down machines and interrupting end users with prompts.

This is the “Great Balancing Act” of modern mobile computing. The successful solution strikes a delicate balance between three critical priorities:

  • Security
  • Manageability
  • Productivity

Our recent webinar explores how Windows 10 Pro and Intel 7th Gen Core processors combine platform and hardware features that help you achieve this balance in your environment.

Security 

Threats to data security are a critical concern for the modern enterprise. Most intruders gain access unnoticed. Many aren’t discovered until well after they’ve left. Many stick around for a while before leaving. So, what are the implications of the threat?

  • The average time to detect a data breach is 230 days (Gartner)
  • 52% of attacks come from malicious insiders (Break Level Index)
  • Web browser is the most common point-of-attack at 36% (McAfee Labs)
  • The average cost of a breach is $3.5 million. (McKinsey)
  • This cost has risen 15% YoY. (McKinsey)

The threat evolves as hackers find new, more advanced ways to gain unauthorized access to your data. But, in response, enterprises often try to fight present-day threats with tools from the past. In a recent example, the WannaCry ransomware bug affected 230,000 PCs worldwide. Most of these were still running Windows 7 (or another version) and hadn’t received updates via the appropriate patches.

Security with Windows 10 Pro 

Microsoft estimates 85% of enterprises will have begun Windows 10 deployments by the end of 2017. Almost 49% of these cite security improvements to Windows as the deciding factor.  In fact, Microsoft invests over $1 billion per year in cybersecurity research and development (R&D). This makes them the world’s largest cybersecurity firm, although you may not have thought of them this way. A great deal of this investment has gone into the Windows 10 Defense Stack.

The five-pillared security strategy protects Windows 10 devices from before and after a potential breach. The new version’s post-breach detection, investigation and response features are the real flagship security improvements in the release.

Features like Conditional Access enable control over who accesses your environment, when, and for how long. Device Guard “hardens” Windows 10 devices against malware and prevents malicious code from running. Credential Guard virtualizes authentication credentials. This, in turn, neutralizes the “rinse-and-repeat” aspect of common Pass-the-Hash (PTH) attacks.

Meanwhile, Windows Advanced Threat Protection (ATP) plays a role to an airplane’s black box, while adding the intelligence to mitigate or remediate threats. Its design uses machine-learning and cloud-based security analytics to detect and contain the most sophisticated attacks.

Security with Intel 7th Gen Core 

Some measures that boost user productivity don’t help as much in the security department.  When it comes to protecting devices, password authentication is one area where the user sometimes creates problems. Many of us may recycle passwords or PINs, if only to avoid having to remember too many. This leads to unfortunate situations where an intruder deriving one password could access a full range of services or devices.

With its 7th generation of Core processors, Intel re-introduces Intel Authenticate, its solution for “hardened,” or hardware-enhanced, security. Authenticate applies “multi-factor authentication” mechanisms to verify a user’s identity through two or more factors.  The result is a better overall security posture without the need for multiple passwords per user.

Intel Authenticate provides further enhanced security via “hardening” or hardware-based security. This places security factors, credentials, policies and decisions below the operating system (OS) layer and beyond the reach of software-based attacks. Intel’s hardware security offering also includes other intelligent features such as Bluetooth-powered walk-away locking and AMT-based environment detection.

Deployment & Manageability 

The workplace has evolved. The modern employee takes it for granted that they’ll use multiple devices for work each day. At the same time, the ongoing consumerization of IT has put a new emphasis on the user experience design.

The old workplace slowed under the weight of complexity, cost and compatibility issues. But, modern security threats put a new importance on the ability to deploy new functionality fast.

The process of deploying and managing devices in your environment must change to meet these new demands. Decades-old policies need to give way to reduce costs and increase agility. Applications and services must adapt to new expectations.

Deployment & Manageability with Windows 10 Pro

Microsoft has created Windows 10 Pro for the world of “modern IT.” With a focus on simplified deployment and dynamic management, the platform allows organizations to adapt to the cloud as fast or as slow as they need to. Enhanced features like Windows-as-a-Service and Windows Auto Pilot ensure deployments aren’t year-long projects that cause major disruption for users.

Dynamic management functionality for mobile apps and devices reduce the burden on IT departments and device managers. At the same time, proactive insights from Windows Analytics Update Compliance and Windows Analytics Upgrade Readiness lower time spent on validation and deployment efforts.

Deployment & Manageability with  Intel 7th Gen Core 

Intel Active Management Technology enables several key manageability enhancements, including Intel Secure Remote Erase. This feature, exclusive to 7th Gen Core processors, allows your IT department to remote-wipe SSD media and encryption keys in seconds.  This is doable from any location worldwide. And, it frees up valuable time otherwise spent on manual deletion of data from retired or re-purposed computers.

Other enhanced management features supported by Active Management include remote, high-resolution reimaging and desktop diagnosis. Together, these serve to reduce your total cost of ownership (TCO) for an IT service by as much as half (Gardner).

Productivity 

In the modern workplace, what constitutes “the office” is often in flux. Users demand uptime with software and devices wherever they are, whether inside or outside the corporate environment. Sixty-two percent of workers say they’re more productive outside the office.

At the same time, many organizations push their device refresh cycles to three years and beyond. But, workers now expect powerful, flexible and responsive user experiences whether working with desktop or mobile devices.

Productivity with Windows 10 Pro

For end-users, Windows 10 Pro enables software and device uptime in- and out-of-office with solutions like Azure AD user state roaming and Windows One Drive for Business and Office 365. Newer features such as digital ink and intelligent assistants like Cortana support more powerful ways to interact with work devices.

Windows 10 Pro also enhances productivity for IT departments, offering streamlined processes dynamic provisioning, and managed roll-outs that harness the cloud.

Productivity with Intel 7th Gen Core 

Intel’s newest “Kaby Lake” generation of Core processors also offer a productivity boost through sheer performance. Although the difference isn’t as noticeable over 6th generation models, the 7th Gen core processors provide a significant improvement over devices aged three-to-four years or more.

The new line of Intel processors also bridges the gap between tablet and laptop/desktop performance. A new breed of “all-in-one” and “2-in-1” hybrid devices from manufacturers like Dell, HP and Lenovo have the power and connectivity to complement or even replace traditional laptops in some use cases.

A Balanced Approach

We’ve seen that many organizations approach the steps of the hardware lifecycle as three distinct parts: select, acquire and manage. Sadly, when different individuals or groups are making decisions, setting standards and managing purchases, the results are internal gaps and delays in the procurement process.  Find out how a holistic approach to managing your device lifecycle and roadmap will help enhance security, manageability, and productivity in your environment.

Why micro-segmentation security makes SDN safer

Why micro-segmentation security makes SDN safer

I can explain why modern data centers need micro-segmentation in two words: Trojan Horse.

Not the malware, but that timeless story of wooden-horsey riding saboteurs. In it, we see that even the most powerful perimeters fall short. The bad guys always find a way in.

With virtualized data centers and desktops, this notion is particularly troubling. What if someone breaches the firewall protecting your virtual environments? Once inside, malware and attackers freely move laterally (east-west) causing mayhem and tons of financial damage.

Micro-segmentation is the solution – but it’s not without its share of confusion and challenges. So before you jump in, consider why it’s the right choice, and some of the common sticking points slowing down its adoption.

[Read more…]