Page 55 - Cyber Defense Magazine for August 2020
Regulatory compliance is becoming more complex, and each regulatory policy widens the scope for
required data security controls, often resulting in point solutions, added complexity and the loss of network
visibility.
Therefore, strict separation of duties is a core compliance requirement to ensure there is no risk of
network policy interfering with data security policy; but this is often difficult to enforce when security is
tied to infrastructure.
So, how can organizations secure their data, even when the network isn’t secure to begin with? And how
can they ensure the security posture is always visible in order to ensure their data is always secure?
Simon Hill, Director Sales Operations at Certes Networks, explains why a five-step approach is essential
to keep a customer’s data secure.
The Five Step Approach to Data Assurance as a Business Strategy
Due to increasing pressures to keep data secure, securing data as it travels across the network has never
been more important. Encryption is certainly one way to keep data secure as it travels across the network,
but it is not as simple as just deploying an encryption solution. Organizations must follow these five steps.
1. Convert data assurance requirements into an intent-based policy. This is then used to configure and
enforce the required security parameters for sensitive data.
2. Create multiple policies, one for each data classification or regulation. This not only ensures that
data is protected at all times; because each policy uses its own keys, customers are also creating
micro-segments using strong cryptography, or crypto-segments. These crypto-segments keep data flows
protected using separate keys and also provide critical protection against the lateral movement of threats.
3. Organizations must look at the requirements of their environment. Whether it is low latency
applications, high throughput data requirements or rapidly changing network environments,
organizations must have the flexibility and scalability to secure any environment to meet the depth
and breadth of their organization’s needs.
4. Organizations also need full network visibility without compromising data security. With traditional
encryption blinding the network and security operations tools, monitoring, troubleshooting, adds,
moves, or changes are made difficult without first turning encryption off. An encryption technology
solution should enable the network to look and work in the same way after deployment as it did before,
enabling all networking and security functions even while data is being protected.
5. Lastly, with a data assurance strategy, organizations can benefit from a real-time view of their data
security posture, graphically showing data security performance at all times. An observability tool or
a third-party security dashboard can ensure rapid detection, response and remediation of
non-conformance and provide evidence as part of any required audit. Organizations using Artificial