We had the opportunity to moderate an incredibly interesting panel discussion at the SANS Institute Forum back in September, learning from top security executives at Gilead Sciences, Eaton Corporation, and NBN Australia.
The conversation dug deep into the ins and outs of Data Loss Prevention solutions, and in today’s post, we’re going to dive into how organizations can determine what to protect and who to protect it from. The answer isn’t as black and white as you may think.
What Should Organizations Protect?
According to top security professionals, it can be tricky to target specific subsets of data and assets to defend—it has a lot to do with overall maturity and where folks are in their security programs. If you have a solid relationship with your business and you know exactly where your crown jewels are, that is a clear area of focus.
Again, this can be incredibly difficult to do. Going forward, though, advances in technology let the industry work out what to protect by observing the behaviors around certain assets, rather than having to pre-identify assets and deploy protection around everything.
Deciding what should be protected is a journey that constantly evolves: your crown jewels may change based on the time of year, the state of the business, or any number of other factors. Rather than creating a laundry list of top assets to defend heavily, modern security programs need to focus on understanding behaviors and how people interact with data in order to identify risks to the business.
Who Should They Protect Their Assets From?
Figuring out who to protect assets or data from is a tall task, one much more difficult than identifying the data that should be protected. The challenge here is with insiders: it can be hard to tell who should be doing a given task, who shouldn't be, or, for example, where an apparent insider is actually a compromised account.
For these reasons, when organizations think about who they need to protect their assets against, the correct answer is everyone, because anyone could be a threat to the organization.
The Advantages of File Lineage Approaches
Rather than starting by focusing on what to protect and who to protect it from, modern organizations have evolved to more sophisticated programs that dial in on understanding file lineage: how given assets are being interacted with and how they have changed over time. Modern Data Loss Prevention solutions like DTEX InTERCEPT provide visibility into file activity and how employees access and interact with files.
Essentially, by looking at who is interacting with the files, you're able to infer what kind of data is within those files. If it is primarily HR analysts looking at a file, it's safe to say the contents are HR related. If it is a mix of engineering and security gaining access, the contents are more security related and more technical. Thus, you're able to take high-level aggregations of who is interacting with a file and gain a rich understanding of its potential contents. While not foolproof, it does give you a good sense of the kind of things you then need to protect.
Why Does This Matter?
By taking this kind of approach, security teams can modernize their strategies by building file classification models that score files based on the activity around them, from low to high quality or sensitivity. From there, the business can effectively answer the "what" part of the protection equation as it moves and evolves.
While there is no one-size-fits-all approach to any security program, the important thing is to put the technologies and processes in place to ensure that you're able to adapt strategies for what you protect and who you protect your assets from as your needs change.
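The audience-based inference and activity scoring described above can be sketched as follows. This is an added example, not code from DTEX InTERCEPT or the panel; the access events, department sensitivity weights, the 60% dominance threshold and the "review" list of departments outside a file's usual audience are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed access events (user, department, file); not real telemetry.
EVENTS = [
    ("alice", "HR", "comp_review.xlsx"), ("alice", "HR", "comp_review.xlsx"),
    ("bob", "HR", "comp_review.xlsx"), ("carol", "HR", "comp_review.xlsx"),
    ("eve", "HR", "comp_review.xlsx"), ("dave", "Engineering", "comp_review.xlsx"),
    ("erin", "Engineering", "fw_rules.yaml"), ("mallory", "Engineering", "fw_rules.yaml"),
    ("frank", "Security", "fw_rules.yaml"), ("grace", "Security", "fw_rules.yaml"),
    ("heidi", "Marketing", "newsletter.docx"), ("ivan", "Sales", "newsletter.docx"),
    ("judy", "HR", "newsletter.docx"),
]

# Assumed sensitivity weight (0-100) per department; tune to the business.
WEIGHTS = {"HR": 90, "Security": 80, "Engineering": 60, "Sales": 30, "Marketing": 20}
DOMINANCE = 0.6  # assumed share of distinct users that defines a file's audience


def audiences(events):
    """Map each file to a Counter of distinct users per department."""
    seen = defaultdict(set)
    for user, dept, path in events:
        seen[path].add((user, dept))  # repeat opens by one user count once
    return {p: Counter(d for _, d in pairs) for p, pairs in seen.items()}


def classify(dept_counts):
    """Return (inferred label, 0-100 sensitivity score, departments to review)."""
    total = sum(dept_counts.values())
    top, n = dept_counts.most_common(1)[0]
    score = round(sum(WEIGHTS.get(d, 50) * c for d, c in dept_counts.items()) / total)
    if n / total >= DOMINANCE:
        # One department dominates: label by it, surface everyone else for review.
        return top, score, sorted(d for d in dept_counts if d != top)
    if set(dept_counts) <= {"Engineering", "Security"}:
        return "Security/technical", score, []
    return "Mixed", score, []


def classify_all(events):
    return {p: classify(c) for p, c in audiences(events).items()}


if __name__ == "__main__":
    for path, (label, score, review) in sorted(classify_all(EVENTS).items()):
        print(f"{path:18} label={label:18} score={score:3d} review={review}")
```

The review list is a triage signal rather than a verdict: an engineer opening an HR-dominated file may be legitimate, which is the "not foolproof" caveat in practice.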