Not long ago, people used to come to work and work off of a desktop computer, tied to the network. Today, they work on their mobile devices, physically untethered to it.
In fact, the majority of the work and email is done on mobile devices, and this changed how people interact with data and how we keep it safe.
Prakash Linga at Vera HQ
This shift is why it’s important for businesses to maintain a certain level of visibility when it comes to data, and have the ability to use tools like Dynamic Data Protection (DDP) to ensure that if policies need to be adjusted for specific users, IT admins can do so in real-time.
“As information travels, this introduces new ways to access data and collaborate using tools like Dropbox and other productivity tools, so security must also evolve and change to keep pace,” says Prakash Linga, CTO of data security company Vera.
“On top of that, it’s not longer sufficient to rely on perimeter defenses when it comes to information security. You have to collapse the data control and policy enforcement down to the data. Any effective, and usable data security solution will encompass the best of both worlds: it will secure information with granular and flexible policies, and enable employees to continue their workflow seamlessly, while still giving companies optimal security.”
A perfect enterprise data security solution
Data control and visibility is a huge problem that large and small companies need to be mindful of.
A good data security solution is one that works as you want it to but it’s also equally important that it’s easy to use by your employees, management, and partners.
The best technical solution will not mean much if they don’t want to use it because it gets in the way of their work.
“In an ideal world, you want your users to maintain productivity, while still giving IT the confidence they’re doing so in a secure way,” Linga points out.
“Organizations spend too much time and money trying to focus on one aspect of the problem by adding more defenses, rather than focusing on the primary reason employees aren’t using the security tools already in place.”
The ideal data control solution should also offer robust data control tools with a user-friendly backend, to make life easier for IT and security teams. Managing policies and data at scale is a challenge and, according to Linga, this is one of the reasons why Data Loss Prevention (DLP) hasn’t taken off as expected.
A great data control system will be one that fits well within a specific and complex enterprise ecosystem – across different companies, meshing well with existing collaboration and productivity tools, and covering every data workflow.
Finally, the solution has to be always on, so that organizations can be confident that their most critical business information is secure whether it’s at rest, behind a firewall, or has been moved outside their network.
“For a lot of security savvy people, it’s all about having strong security controls. What we’ve learned from conversations with customers, prospects, and industry research is the biggest problem is keeping honest users honest,” says Linga.
“I’m referring to people who inadvertently share information they shouldn’t. For example, an executive accidentally fat-fingers a confidential financial document or earnings report to the wrong person.”
Data control and the Internet of Things
“The nature of data is changing rapidly. Today, it’s mostly collaboration and exchange between two people, but tomorrow it’s with IoT and other devices and approaches,” says Linga.
We know that makers of IoT devices and the software that makes them “smart” regularly disregard security, and that IoT is slowly infiltrating both homes and offices.
“Small quantities of data is often shared between devices and, if you look at the information as a snapshot in time, it might not be sensitive or something you care about at that moment. However, over an extended period of time, you may start to see patterns, and it becoming more relevant from an enterprise and consumer standpoint,” he adds.
Enterprises will have to find a way to keep on top of things, and be ready to pivot as fast as needed to tackle the known and yet unknown challenges of data security in the age of IoT.
“Both security and privacy needs to evolve for the new workflow around data and collaboration,” he concludes.
from Help Net Security http://ift.tt/2bO2Rvc
0 comments:
Post a Comment