By Claude Mandy, Chief Evangelist at Symmetry Systems
Organizations depend on data to operate. From day-to-day operations to strategic decisions, data is what keeps an organization ticking. As digital transformation marches on, the volume of data generated by businesses grows exponentially – and data security challenges grow with it.
Here, we will explore some of the most common challenges organizations face when it comes to securing data, the risks associated with them, and best practices organizations should implement to improve their overall data security posture.
Lack of Data Inventory
One of the most common challenges organizations face is the lack of a data inventory. Organizations simply don’t know what data they have, where it is, and why it’s important. The primary reason is the ever-increasing amount of data being created across different parts of the organization. And somewhere within these vast amounts of data lies sensitive information that puts organizations at risk.
This lack of visibility leaves them vulnerable to unforeseen threats, including legal penalties from non-compliance, operational disruptions due to unauthorized data access or alterations, and severe implications for overall security. A credential or secret is just data after all.
Thankfully, a lack of data inventory is an easy challenge to address because there are tools available that can provide this visibility: complete visibility not only into which infrastructure resources contain sensitive data across cloud data stores, but also into who owns that data. A robust data inventory is crucial for any effective data-centric security strategy that enables organizations to proactively identify and address potential security threats before they become a data breach.
Dormant Identities and Data Stores
Aside from a lack of data inventory, dormant identities are the single most common data security issue and one of the most overlooked paths to breaches and attacks. A dormant identity is any user, role, or service account that has been inactive for extended periods of time. These identities accumulate in organizations when there is not a proper system in place to remove terminated employees, inactive users, or unnecessary permissions.
Delayed or incomplete employee or vendor offboarding is a common cause of dormant identities. Companies often swiftly onboard new employees and third-party individuals. However, when these users leave or change roles, the offboarding procedures are oftentimes pushed aside. As a result, the permissions or unnecessary identities of departed users are not revoked or deleted, leaving them accessible to former employees, contractors, or potential attackers if the credentials are compromised.
Regardless of the root cause, dormant identities present a common and overlooked avenue for breaches because threat actors seek out the path of least resistance, and a compromised dormant identity can often be the quickest way to obtain sensitive information. If these identities are left unmonitored, threat actors can seize control of them without detection and gain access to sensitive data. Dormant identities are typically less monitored, so in the event of a compromised dormant identity, security teams often remain unaware of the breach.
Dormant data stores can also put organizations at increased risk. Dormant data stores are old and unused, and they become potential targets for attacks because they are often forgotten and unmanaged. Organizations retain archives of information for regulatory compliance, or store data long past its useful life in the hope of potential future use. But in reality, dormant data is never utilized once it becomes dormant, and while it may not be of business value, it remains accessible and increases risk by expanding the organization’s attack surface and the blast radius of a potential data breach.
To remediate these challenges, it is important to prioritize cleanup tasks and conduct proactive exercises to reduce risk promptly and regularly. To do this, organizations should adhere to their stipulated data retention policies and prioritize removing any high-risk dormant identities and removing any unnecessary permissions. They should ideally invest in automation that enables ongoing monitoring, alerting, and proactive risk reduction.
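As an added illustration (not code from the author or from any Symmetry product), the following sketch shows the kind of automated check described above: it flags dormant identities and dormant data stores in an inventory and ranks the identities for cleanup. The inventory records, the 90-day threshold, and the scoring weights are assumptions made for the example; the article does not define "extended periods".

```python
from datetime import datetime, timedelta, timezone

# Assumed threshold: the article says "extended periods" without giving a number.
DORMANCY = timedelta(days=90)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so results are reproducible

# Constructed inventory records (not real data).
IDENTITIES = [
    {"name": "alice", "last_active": "2024-05-28", "offboarded": False, "stores": ["crm-db"]},
    {"name": "bob", "last_active": "2023-11-02", "offboarded": True, "stores": ["crm-db", "hr-archive"]},
    {"name": "svc-report", "last_active": "2024-01-15", "offboarded": False, "stores": ["logs"]},
    {"name": "vendor-x", "last_active": None, "offboarded": False, "stores": ["hr-archive"]},
]
STORES = {
    "crm-db": {"sensitive": True, "last_access": "2024-05-30"},
    "hr-archive": {"sensitive": True, "last_access": "2022-09-01"},
    "logs": {"sensitive": False, "last_access": "2024-05-31"},
}

def _age(stamp):
    """Time since an ISO date; None (never used) counts as maximally old."""
    if stamp is None:
        return timedelta.max
    return NOW - datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)

def dormant_stores(stores=STORES):
    """Names of data stores with no access inside the dormancy window."""
    return sorted(n for n, s in stores.items() if _age(s["last_access"]) > DORMANCY)

def dormant_identities(identities=IDENTITIES, stores=STORES):
    """Return (score, name, reasons) for dormant identities, highest risk first."""
    findings = []
    for ident in identities:
        if _age(ident["last_active"]) <= DORMANCY:
            continue  # recently active, not dormant
        sensitive = [s for s in ident["stores"] if stores[s]["sensitive"]]
        # Assumed weights: offboarded owners and sensitive reach raise priority.
        score = 1 + 2 * len(sensitive) + (3 if ident["offboarded"] else 0)
        reasons = ["never used" if ident["last_active"] is None
                   else f"inactive > {DORMANCY.days}d"]
        if ident["offboarded"]:
            reasons.append("owner offboarded")
        if sensitive:
            reasons.append("reaches sensitive: " + ", ".join(sensitive))
        findings.append((score, ident["name"], reasons))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for score, name, reasons in dormant_identities():
        print(f"{score:>2}  {name:<12} {'; '.join(reasons)}")
    print("dormant stores:", dormant_stores())
```

Treating never-used identities as dormant matters in practice: an account provisioned during onboarding and never logged into has no last-activity timestamp, so a naive date comparison would skip it.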
The Risks of Over-Privilege
Alongside dormant identities and old user accounts, over-privileged identities can be just as dangerous. Users should have only the privileges required to carry out their designated job responsibilities, which is the principle of least privilege. If an organization overestimates the level of access or permissions an identity needs (and organizations often do), it opens itself up to significant and avoidable risks. If a user with malicious intent gains access through an over-privileged identity, they can acquire heightened access and cause more extensive damage than they would under normal circumstances.
Over-privileged data stores also enable widespread access and increase an organization’s risk of a data breach. Virtually every organization has data stores that would be deemed over-privileged. Data within an organization should exclusively be available to users with a genuine business need for that specific data – but this is far more challenging to determine than it may seem. Oftentimes, data stores have widespread access enabled and project managers share credentials without fully understanding the resultant permissions. When permissions are granted in this manner, it puts the organization at greater risk of data breaches, leaks, and misuse.
To enhance security and avoid the risks associated with over-privilege, organizations are advised to grant and continually right-size permissions strictly based on job duties and operational necessity. Furthermore, organizations should implement a streamlined, semi-automated process for permission management, only re-granting access when necessary. These measures collectively contribute to reducing the attack surface and mitigating the impact of compromise in the event of a breach.
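One way to approach the right-sizing step, shown here as an added example rather than the author's or any vendor's method: compare what each identity has been granted against what it actually used during a review window, and propose revoking the rest for a human to approve. Using observed usage as a stand-in for operational necessity is an assumption of this sketch, and the identities, stores, and log events are constructed.

```python
from collections import defaultdict

# Constructed grants: identity -> data store -> granted actions.
GRANTS = {
    "analyst-role": {"sales-db": {"read", "write", "delete"}, "hr-db": {"read"}},
    "etl-service": {"sales-db": {"read", "write"}, "staging": {"read", "write", "delete"}},
}
# Constructed access-log events for the review window: (identity, store, action).
ACCESS_LOG = [
    ("analyst-role", "sales-db", "read"),
    ("analyst-role", "sales-db", "read"),
    ("etl-service", "sales-db", "read"),
    ("etl-service", "staging", "write"),
    ("etl-service", "staging", "delete"),
    ("etl-service", "hr-db", "read"),  # attempt against a store it was never granted
]

def observed_usage(log):
    """Collapse log events into identity -> store -> set of actions used."""
    used = defaultdict(lambda: defaultdict(set))
    for identity, store, action in log:
        used[identity][store].add(action)
    return used

def right_size(grants=GRANTS, log=ACCESS_LOG):
    """Propose revoking every granted action not exercised in the window.

    Returns (proposed_grants, revocations, ungranted_attempts). The output is
    a proposal for review, so access can be re-granted when it proves necessary.
    """
    used = observed_usage(log)
    proposed, revoke, attempts = {}, [], []
    for identity, stores in grants.items():
        proposed[identity] = {}
        for store, actions in stores.items():
            keep = actions & used[identity][store]
            if keep:  # drop the store entirely when nothing on it was used
                proposed[identity][store] = keep
            revoke += [(identity, store, a) for a in sorted(actions - keep)]
    # Events with no matching grant are worth a separate look by the security team.
    for identity, store, action in log:
        if action not in grants.get(identity, {}).get(store, set()):
            attempts.append((identity, store, action))
    return proposed, revoke, attempts

if __name__ == "__main__":
    proposed, revoke, attempts = right_size()
    for item in revoke:
        print("revoke:", *item)
    print("ungranted attempts:", attempts)
```

The review window needs to cover infrequent but legitimate work such as quarter-end jobs; otherwise the proposal will strip permissions that are used rarely but are still required.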
A Case for Increased Visibility
These are just a few of the many challenges organizations face when securing their vast amounts of data. To address these challenges, businesses must evolve their approach to data security. Data protection can no longer be confined to traditional perimeters or the devices being used. Instead, securing data requires full visibility into where it resides, how sensitive it is, who has access to it, and how it is being used.
When organizations have complete visibility into their data, they are able to remove dormant data and identities, assign users least privilege, and ensure their data inventories are secure and up to date. By implementing tools that provide a holistic view into an organization’s data, and that continuously and proactively monitor for threats, organizations significantly enhance their security and ensure the safety of their sensitive information.
Data is often an organization’s greatest asset, as well as their greatest source of risk. As the volume of data continues to grow, security teams face increasing challenges in trying to protect it. In order to combat these challenges, organizations must prioritize visibility and proper data management. By implementing tools that provide a holistic view of their data, organizations minimize the risk of a data breach, even as their volume of data continues to grow.
About the Author
Claude Mandy is Chief Evangelist for Data Security at Symmetry, where he focuses on innovation and industry engagement and leads efforts to evolve how modern data security is viewed and used in the industry. Prior to Symmetry, he spent 3 years at Gartner as a senior director, analyst covering a variety of topics across security, risk management and privacy. Prior to Gartner, Mr. Mandy was the global Chief Information Security Officer at QBE Insurance – one of the world’s top 20 general insurance and reinsurance companies. Prior to QBE, Claude held a number of senior risk and security leadership roles at the Commonwealth Bank of Australia and KPMG Namibia and South Africa. Please visit Symmetry Systems: Data Security Posture Management (symmetry-systems.com).