Story image

Five steps to ensure persistent data security across your network

02 May 18

Network security has built in a basic foundation of strong protection across the perimeter, but that border is losing its strength as organisations move to the cloud.

According to Keysight Technologies, applications and infrastructure are increasingly cloud-based, which means businesses need to take a new approach.

Keysight Technologies’ vice president of portfolio marketing, Jeff Hassis, explains: “In its recent report, 2017 State of the Hybrid Cloud, Microsoft found that 63 per cent of organisations are already using hybrid cloud environments.”

“The result is that gaps are starting to appear in perimeter defences, which can be exploited by hackers or malware to steal information and personal data. Organisations need to focus less on perimeter defences and focus their efforts on identifying unusual user or network behaviour, which may be an early sign of a potential breach or attack.” 

According to Keysight Technologies, there are five ways that organisations can ensure network security:

1. Assign roles specific to new threats 
Rather than spreading responsibility across the IT department or giving an existing manager additional responsibility, organisations should put a single person or team in charge of security to ensure the security strategy is given the attention it deserves. 

2. Audit data and infrastructure 
It’s important to know what type of data an organisation is dealing with, including policies attached to each type of data, who has access, and where workloads accessing critical data are running. It’s also crucial to document data-capture methods for compliance. An initial audit and ongoing asset discovery can provide visibility into security and compliance postures in real time. It also lets organisations identify how and where it may be vulnerable, so it can act to close gaps. 

3. Create baselines 
Once an organisation understands its data profiles, it needs to capture expected behaviours. This includes aspects like who is authorised to see data, and how that access is granted or denied, all of which should be recorded and turned into a baseline of expected behaviour. 

4. Monitor for abnormalities 
Monitoring user and network behaviour against baselines can help organisations identify anomalies which could signal a potential breach. This could include a user downloading terabytes of data when their role doesn’t normally require them to do so, or a member of the marketing team accessing server logs. The security team can then investigate further to either stop a breach from happening or verify that the activity is legitimate. 

5. Secure data 
Organisations need to secure their own processes and data. For example, personally-identifiable information needs to be secured through data masking to ensure security itself isn’t the weak link. 

“Security strategies focused on perimeter defences can no longer protect sensitive data against theft in today’s complex IT environments. Organisations need to be able to quickly identify threats and vulnerabilities inside their networks, to keep information safe,” Harris concludes.

Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.