Page 83 - Cyber Defense eMagazine April 2021 Edition
P. 83
2. Keep a Hawkeye on your relational and unstructured data and ensure its protection
Organizations must conduct a periodic audit of all data, including databases, data warehouse, data lake, data
marts and other sources to identify where the sensitive data resides and remains overexposed. It is important
to have details on who has access to the data and under what circumstances, who is the authorized owner
and where it is required to revoke the access from the data. These things can be achieved by using the
specially designed solution, data governance, and classification after consulting the data security experts
according to the requirement. It helps organizations to have more granular control on all their data types- no
matter where it resides, whether in the cloud, SaaS, or traditional data centers. Based on the criticality of data,
one should implement the security policies and safeguards. There is a need to implement higher security
controls with D-A-R, D-I-M encryption and have the least access rights to data that will impact your business
greatly if lost or stolen. Follow the compliance guidelines based on data types and geographies. Develop a
privacy policy and adhere to it strictly. While all these stringent data security measures need to be deployed
at scale, it is extremely important to keep consumer grade experience, enterprise grade governance with
integrated multi-cloud data and database management at the forefront of all design methodologies.
3. Adaptive Multi-layered defense approach
While it takes a long time to build a reputation, it can get compromised in a matter of few minutes due to an
occurrence of a cyber incident. Thus, preventive and proactive defense posture is much needed.
Highly sophisticated and targeted attacks are very hard to detect and like with any criminal activity, it’s not
possible to detect 100% of the threats all the time, but there are always ways to mitigate those threats and
reduce the impact. Traditional security methods like AV, FW, IDS/IPS are no longer effective on their own
because of mobility, cloud and now many organizations have borderless entities that enable users to access
corporate resources any time and from anywhere. Adaptive multi-cloud data and security models can help
organizations by automatically analyzing the behavior of threat activity, finding anomalies, and creating a
sequential and detailed analysis of threat events for better visibility, detection and prevention that combines
to become more effective. Integrating with other security tools, implement layered defense approaches like
paired with layers of enterprise endpoint security tools, EDR/XDR, data security and monitoring, adaptive
security can help enterprises to prevent an attack from occurring and respond to breach in a timely fashion,
that minimizes the impact and saves the reputation.
4. Innovative and Offensive Strategy with multi-cloud at its core
In this fight to prevent a cyber-attack, often cybercriminals are sometimes ahead because they are willing
to innovate and continuously try to infiltrate the organization to gain access to corporate resources and
confidential data with their highly sophisticated and innovative TTP (tactics, techniques and procedures).
Businesses and enterprises need to do the same to save themselves from cybercriminals. So, they should
architect IT to thrive in a secular multi-cloud ecosystem through normalized experience for all data
sources including heavy-duty large databases and invest in innovative solutions, address the latest security
issues, keep themselves updated, have a strong lifecycle patch management and efficient cyber workforce
to innovate and hunt the latest threats before they hit the environment. Enterprises must invest & focus on
innovations and proactively hunt for evolving attacks, and threat vectors and resolve the skill gaps of the
cybersecurity workforce gearing up with block-chain based data protection, adaptive IDAM, and automated
data rights revocation.
83 Cyber Defense eMagazine – April 2021 Edition
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.