Regulatory compliance is becoming more complex, and each regulatory policy widens the scope for
            required data security controls, often resulting in point solutions, added complexity and the loss of network
            visibility.

            Therefore,  strict  separation of duties  is  a  core  compliance  requirement  to ensure  there  is  no  risk  of
            network policy interfering with data security policy; but this is often difficult to enforce when security is
            tied to infrastructure.

            So, how can organizations secure their data, even when the network isn’t secure to begin with? And how
            can they ensure the security posture is always visible in order to ensure their data is always secure?
            Simon Hill, Director Sales Operations at Certes Networks explains why a five-step approach is essential
            to keep a customer’s data secure.



            The Five Step Approach to Data Assurance as a Business Strategy

            Due to increasing pressures to keep data secure, securing data as it travels across the network has never
            been more important. Encryption is certainly one way to keep data secure as it travels across the network,
            but it is not as simple as just deploying an encryption solution. Organizations must follow these five steps.



            1.  Convert data assurance requirements into an intent-based policy. This is then used to configure and
               enforce the required security parameters for sensitive data.

            2.  Creating multiple polices, one for each data classification or regulation, not only ensures that data is
               protected at all times, but with each policy using its own keys, customers are creating micro-segments
               using strong cryptography or crypto-segments. These crypto-segments keep data flows protected
               using separate keys and also provide critical protection against the lateral movement of threats.


            3.  Organizations  must  look  at  the  requirements  of  their  environment.  Whether  it  is  low  latency
               applications,  high  throughput  data  requirements  or  rapidly  changing  network  environments,
               organizations must have the flexibility and scalability to secure any environment to meet the depth
               and breadth of their organization’s needs.


            4.  Organizations also need full network visibility without compromising data security. With traditional
               encryption  blinding  the  network  and  security  operations  tools,  monitoring,  troubleshooting,  adds,
               moves, or changes are made difficult without first turning encryption off. An encryption technology
               solution should enable the network to look and work in the same way after deployment as it did before,
               enabling all networking and security functions even while data is being protected.



            5.  Lastly, with a data assurance strategy, organizations can benefit from a real-time view of their data
               security posture, graphically showing data security performance at all times. An observability tool or
               a  third-party  security  dashboard  can  ensure  rapid  detection,  response  and  remediation  of  non-
               conformance  and  provide  evidence  as  part  of  any  required  audit.  Organizations  using  Artificial




            Cyber Defense eMagazine – August 2020 Edition                                                                                                                                                                                                                        55
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.