Organizations need to think about the realities of today’s cyber world and realize that very technologically sophisticated thieves may try to steal their information. It only takes a glance at the news to witness hackers targeting multiple organizations and their intellectual property, personal information and health records. Gone are the days when only very large companies had to worry about cyber attacks. Today anyone with valuable information is targeted.
Both hackers and trusted insiders are potential threats to an organization’s sensitive information. While a hacker, whether criminal or state-sponsored, intends to steal information for monetary gain or to undermine or embarrass an organization, a trusted insider may be an employee or contractor that has access to sensitive information as part of their job and may deliberately or mistakenly share that information with unauthorized people
Attacks from hackers come from outside an organization and typically exploit weaknesses in perimeter-based security. A trusted insider with access to sensitive information can easily share it with an unauthorized person through email, a file sharing service or a USB flash drive. Sometimes an insider unintentionally sends sensitive information to an unauthorized person. Whether deliberate or accidental, the result is the same, your sensitive information is gone and you may have to declare a data breach and notify local, state and federal authorities.
A great way to protect your sensitive data is to use a data-centric security model with people-centric policies. This multi-layered strategy protects, controls and traces an organization’s unstructured data in a constantly changing business environment. Rather than solely relying on perimeter-based security, which protects networks and systems, applying strong encryption and persistent security policies directly to the data is the best way to prevent a data breach and to mitigate the risk of a cyber attack.
Since you are always in control of your encrypted data, if a hacker or other malicious entity accesses something of value, it is rendered useless to them. Unless the person has specific permission and access rights to the information, the data is unreadable. If you suspect a trusted insider has malicious intent, you can revoke their access immediately. Strong encryption that relies on a trusted certificate-based system guarantees that only those who are authorized can access sensitive information.
Protecting intellectual property and other sensitive information from state-sponsored hackers, criminal groups or malicious insiders should be a top priority both in government and private business. Just like a strong lock will deter a thief from breaking into your house, applying data-centric security to your valuable digital information will do the same. Thieves will look for an easier target.
About the Author
Ron Arden is vice president of Fasoo – North America and has more than 30 years of strategic planning, marketing, sales, business development, consulting and technical experience in the information technology and security industries. He holds a B.S. in electrical engineering from the University of New Hampshire, has spoken at numerous industry events and is a regular contributor to the Fasoo blog.