Page 21 - CDM-Cyber-Warnings-March-2014
Are You Flirting with Data Disaster?

By Randal Asay, Catbird CTO

Data breaches are a huge concern these days, with news of high-profile hackings coming to light with alarming frequency. Social media app Snapchat experienced a hacking incident involving 4.6 million users earlier this year, and late last year, more than 40 million Target customers had credit and debit card accounts compromised in a data breach incident that generated widespread consumer angst.

If you're in charge of your organization's vendor relationships, worrying about issues like a partner-related data breach may keep you up at night. All that stands between your company and a data disaster is your vendors' vigilance: sloppy operational practices and human error can undermine your business.

Too many companies have a difficult time controlling vendor DMZs because they compromise firewalls, open ports in key management consoles and enable data transfers to facilitate troubleshooting and system configuration activities, sacrificing data protection for operational expediency. If this is you, now is the time to find a better balance between operational efficiency and upholding basic data protection practices.

If your data security rests on the whim of any individual working for a vendor who can access sensitive information, you're setting yourself up for a data disaster, and sooner or later, your company will experience the challenge of trying to justify inadequate data protection measures that resulted in a major breach.

So how do you improve data security? The first step is to acknowledge that security is much more complex these days than it was in years past. You have to do more than just meet the minimum requirements of regulations like HIPAA. To truly protect your data, you'll need to create and enforce robust security standards – for your own organization and for your partners – adopting standards that are based on data segmentation.

Technology has changed in a fundamental way over the past few years, so a security policy that is centered on physical topology is no longer adequate. Modern security standards should be built from the application level, moving intelligence up the stack. With this approach, access to critical components of the infrastructure requires higher privileges, thus reducing the ability of users to abuse rights.

At Catbird, we call these critical infrastructure areas TrustZones™, and we use a software-defined mechanism to secure networks and data centers that the software also defines and manages. By creating TrustZones that simplify security configuration and automation, Catbird addresses the conflicting priorities between operational efficiency and security.

It's important to remember that taking on operational efficiency requires an end-to-end security strategy. This removes wildcards introduced by complex data centers that are currently given inadequate protection via manual processes, static technology and monolithic systems. TrustZones recognize the new reality, enabling all assets within established Zones to enjoy complete protection by taking a simple, automated network security approach that is designed for today's virtual environments.

To limit exposure to risk through human error, TrustZones offer predefined controls to each Zone based on an overarching compliance framework. This