12 Tips To Help Shift Your Business To Data-Centric Cybersecurity

Expert Panel, Forbes Technology Council | www.forbes.com »

As businesses handle larger and larger volumes of sensitive data, more information is being stored in the cloud or via email. Securing physical data centers isn’t always enough to keep this data safe, so many businesses are turning their focus toward a data-centric cybersecurity approach.

Data-centric cybersecurity can offer greater protection for your company’s sensitive data, especially in an era where security breaches are far too common. If you’re looking to shift your business to a data-centric cybersecurity model, read on for some top tips from the members of Forbes Technology Council.

1. Educate Your Team

People ultimately control access to data. Educate and empower your team on today’s security risks, including topics on social engineering, mobile security, wireless networks and authentication. When team members have a solid understanding of what could happen and what they can do to prevent it, they are most likely to make decisions that help to protect and secure data. – Caroline Wong, Cobalt.io

2. Implement Analytics-Based Security Controls

The massive volume of data generated in modern businesses simply cannot be analyzed by humans using manual processes to detect and stop cyberattacks in real time. Organizations need to embrace machine-learning-based security analytics technology that can quickly parse large data sets, identify anomalous activities that are indicative of a cyber threat and take action before a breach occurs. – Saryu Nayyar, Gurucul

3. Bring In A Third Party

It is critical to not just have good data security, but also to be very good at it. Unless your firm is also a data-security firm you will need to bring in a third party to oversee. This is good for following best practices and for legal liability shift. There are too many variables to make a blanket recommendation, so having a pro both analyze and ultimately handle it is the safest approach. – Seth Wasserman, Menin Hospitality

4. Incorporate Artificial Intelligence

Analyzing the volume of data and traffic traversing corporate networks has become untenable. Organizations must put in place new AI-based big-data analytics technology that analyzes every piece of data whizzing across the network to understand when, where and why something might be going wrong. These systems baseline normal behavior and automatically identify behavioral anomalies. – Abe Ankumah, Nyansa

5. Perform Data-Centric Cybersecurity Audits

Don’t be afraid to get audited. A lot of smaller tech companies are fearful of doing an audit, but these audits are actually helpful in the long term. Audits are preventive measures that allow more visibility into how you are protecting sensitive information. For example, you might hire an external agency to audit data storage. Ultimately, these findings can only help you protect data. – Ryan Chan, UpKeep Maintenance Management

6. Ensure Proper Encryption And Safeguards

Data is considered the new oil of our generation and should only be accessible to the right people at the right time. To make it so, businesses should enlist the help of cybersecurity professionals to ensure their data is properly encrypted and also has safeguards in place. Last but not least, organizations must train their employees to be abreast of best security practices. – Marc Fischer, Dogtown Media LLC

7. Identify Audit Points And Use Data Masking When Necessary

While much of the focus on data-centric security focuses on primary data stores, don’t forget about other potential audit points, such as logging. For example, while you may have an encrypted database, consider that your Web application firewall might log the requests for data, potentially creating a less secure place where that data may reside. Make sure to mask data in these instances. – Steve Pao, Hillwork, LLC

8. Monitor Data Flows

Companies should fingerprint their internal and external business data flows. This involves baselining communication patterns around who is sending to whom, as well as what type of data is being sent, how much and when. This type of baseline can be done in an automated way using machine learning and statistical methods. This will provide insights and context to detect breaches and frauds. – Vinod Vasudevan, Paladion

9. Build A Risk Portfolio

Security must be handled through a consistent, process-oriented approach pegged to risk-based analysis, which in turn identifies areas of maximum vulnerability. Then, repeat that process over and over again. You can’t flip a switch and be secure; there are tools for everything, and those tools need to be used to build a risk portfolio. – Adam Stern, Infinitely Virtual

10. Prioritize Digital Identities

With the advent of computing and the proliferation of software as a service and mobile apps, the way to protect your data and apps is through digital identity. Know that the digital identities accessing your data and apps are who you think they are and are actually authorized to access what they’re using. Through digital identity, you can not only protect your apps and data but also prove you’re protecting them. – Wes Wright, Imprivata

11. Collect Only The Minimum Amount Of Data You Need

Businesses must shift toward collecting only the minimum amount of data necessary to derive actionable intelligence, as opposed to adhering to a blanket “more is better” approach. Conducting holistic analysis at the group level results in less reliance on sensitive individual data and greater overall intelligence. Businesses can lessen the burden of protection while reinforcing consumer trust. – Yinglian Xie, DataVisor

12. Implement Single Sign-On And Multifactor Authentication

Security starts with authentication as the first control. Everything else depends on it. The concept of data-centric security is all about ensuring rigorous enforcement of identity and then addressing authorized levels of access for authenticated users. Businesses should start with their authentication toolings, such as single sign-on (including monitoring core internals like Kerberos) and MFA. – Jason Crabtree, QOMPLX, Inc.

External Link: 12 Tips To Help Shift Your Business To Data-Centric Cybersecurity

Share this page:

Related Posts