Security Think Tank: Data-centric security requires a holistic approach

Effective perimeter security is clearly an important requirement to protect valuable enterprise data. Securing datacentre and office sites remain integral to ensuring that servers and sites are not compromised.

However, good data security requires a much more detailed and thought-through strategy to ensure appropriate protections are in place.

Many of the common causes of data breaches do not involve compromising perimeter or physical security – weak or stolen credentials, application vulnerabilities, malware and insiders are regularly to blame.

And more and more threats are arising as more devices are connected to the internet and computing moves to the edge of modern communications networks.

Security professionals should ensure that they understand the data an organisation processes, where it is stored, what it is used for and what risks would arise if it was lost.

Then they should put in place a range of technical and organisational measures to protect it, including:

• Effective organisational security measures, including appropriate management responsibility and accountability, employee education, data security policies and procedures, compliance records and logs, and supply chain management.
• Effective technical security measures, including network security, access controls, privileges and information barriers, device and software security, data transmission and storage and backups.
• Operational security measures, including monitoring, vulnerability detection, remediation management, data recovery and the application of updates and patches.
• Physical security, such as site access controls and monitoring and appropriate physical information storage.

Failing in any of these areas could leave a business vulnerable. Taking a holistic, data-centric security model is key to prevent data breaches.