Data-centric Security: Defense in Depth
By Amit Shaked, CEO, Laminar
Last year, organizations saw the highest average cost of a data breach in 17 years, with costs rising from $3.86 million USD in 2020 to $4.24 million USD in 2021. As a result, overburdened security teams are consistently trying to stay on top of the latest threats, vulnerabilities and hacker tactics.
Complicating matters even more is the rapid adoption of the public cloud, which has surged from $270 million USD in 2020 to an estimated $397 million USD in 2022. This fast-paced digital transformation gave way to the rapid development of digital products and services. Unfortunately, the cloud has also blurred the security perimeter and opened up more opportunities for attackers to exploit data.
While chasing down cyber adversaries and attempting to reduce the opportunities for hackers to attack seems like the right step to take, many security teams are missing the point: the data itself.
Be Your Data’s Guardian in the Cloud
Data has gone from a commodity to a currency. As a result, it is just as valuable for attackers as it is for business. Having a solid understanding of the latest cyberthreats is important, but just as critical of an issue is that security teams are almost blind when it comes to data residing in public cloud infrastructure due to the sprawl of cloud services and pace of change for devops.
And how can you protect what you can’t see?
There are three critical steps that security teams must put into motion if they want to maintain efficient and adequate visibility of sensitive data within public cloud environments and ultimately bolster security posture.
- Find a Cloud-Native Security Tool
In cybersecurity, there is no one size fits all solution. However, the cloud is an ever-changing environment which means the solutions must change too. Solutions can now be built into an organization’s public cloud infrastructure to combat data breaches by autonomously discovering data stores and continuously analyzing and remediating risks or leaks. Too often do data security professionals and leaders find themselves unable to see the full picture of their data. Ensuring your security solution can integrate with cloud infrastructure allows for a seamless transition and visibility, identifying data that resides in the shadows.
With the ever-expanding public cloud, and how bloated with data they are becoming, CISOs everywhere are scared about their unknown and unprotected data stores. Criminals are capitalizing on this and repeatedly breaking through these systems due to the rapidly changing landscape – our defenses must adapt.
- Monitoring and Protecting Your Treasured Data
As previously mentioned, a company’s sensitive data can and will be copied and backed up. It is an organization’s responsibility to ensure that this data can be properly monitored and protected. This responsibility can only be achieved by understanding the data, where it is, and where it is going. Security relies heavily on known variables hence a solution without full visibility compromises the entire organization’s security posture.
Whether accidentally or intentionally, human error can cause devastating losses both financially and socially for a company. Up to 85 percent of data breaches now have a human element. All organizations must understand data exposure, who is within their system and why they should be accessing public cloud data at all times, otherwise organizations risk losing their treasure trove.
- Always Have A Plan
The “Achilles heel” in cybersecurity is too often, a leadership team with their heads in the sand. Far too many organizations believe themselves to be immune to the current ransomware crisis looming over industries across the board. It is essential to have an incident response plan and team in place. Excruciating detail should be provided for the roles that each core pillar of an organization should play during an ongoing crisis. Proactive monitoring of the crown jewels allows security teams to be notified of abnormalities and access risks that was not possible a few years ago. This Zero-Trust approach to data allows for less human error and more power into security operation centers.
A Data Centered World
Accepting that technology is fluid and ever-changing will dramatically assist security teams and leaders when it comes to protecting an organization. The cloud is here to stay, and it is being relied upon even more as the pandemic ensues and teams continue to work off-site. Thus, finding the appropriate solution for an organization’s security needs must become a foundational level priority moving forward. Personal and corporate data should be protected as the treasure trove it truly is. Efficient and effective Public Cloud solutions should be able to monitor and protect data silos, revealing what data is hiding in the shadows. It is important to remember that it is incredibly costly for business and reputation if cyber adversaries sell their treasure trove of data to the highest bidder.
About the Author
Amit Shaked, CEO, Laminar. He is also the Founder of Laminar which started in 2020.
FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.