Four features your data-centric security strategy must provide | Imperva


Each year, the number of data breaches grows by 30%, underscoring the need for organizations to make data-centric security a business priority.

Following the big data movement around the beginning of the 21st century, technological innovations have enabled companies to manage, store and process unprecedented volumes of data. The exponential growth of data generated and stored poses significant security risks for virtually all organizations. Organizations must develop a data-centric security strategy to enable security teams and other stakeholders to mitigate these risks.


In addition to exponential data growth, TagCyber’s report “Investigating Data-centric Security Strategies” notes that as application and website architectures have become more complex, they have also become more interconnected with other internal and external applications, providing cybercriminals with more access points to sensitive data. The proliferation of APIs to share data has also added to the complexity of developing a security strategy to protect it.

Enterprise security teams’ inability to manage data volume and complexity, together with a lack of understanding of how and where data is accessed, makes it difficult to distinguish malicious data access from legitimate data access. Data security needs require more mature risk management plans. It is vital that security strategies evolve at the same pace as innovation. A modern data security strategy must provide sufficient visibility and context at each stage along the data path and place security controls as close to the data as possible. As environments continue to shift towards being defined by data rather than by individual applications, the visibility and context provided by data security solutions will be key to the success of an enterprise.

Securing data vs compliance and monitoring

Data security has traditionally been focused on compliance. Historically, many organizations have used Database Activity Monitoring (DAM) solutions to ensure that security policies are enforced and compliance regulations are adhered to. These solutions also provide audit trails and basic analytic capabilities to alert when anomalous access is detected. The current state of data volume and complexity, along with the inability of these solutions to enforce security policies beyond on-premises databases, has significantly marginalized DAM solutions. As organizations shift from a compliance to a security mindset, DAM is inadequate even as a monitoring tool because modern security threats – like zero-day attacks – are simply unknown to DAM solutions.

In addition to delivering sufficient visibility and context at the data level, an effective, modern data security strategy needs to account for the changes in architecture and privacy requirements. To address these imperatives, TagCyber’s report articulates four requirements a modern data-centric security strategy must include in order to achieve data protection beyond compliance monitoring:

  1. Capacity to apply security policy in the cloud. DAM tools do not work in serverless cloud environments. Your solution must integrate natively with cloud-based data sources to achieve sufficient data visibility and offer a normalized view of the entire data estate across disparate technology stacks.
  2. Embrace “Zero Trust” principles. Tightly control data access and understand what constitutes normal interactions with data for all users. Define policies such as the typical window of time in which certain actions normally occur, who takes these actions and from where. Enable users to get the data they need, without overexposure and without the risk of forgetting to clean up temporary access permissions.
  3. Build in intelligent data analytics. Capture the full context of all the paths to your data and natively perform analytics to avoid relying on a SIEM tool. Your solution should only send the results of the analytics to a SIEM. Gather all necessary insights in a single unified platform and avoid the cost of processing raw signal data or relying on in-house institutional knowledge to correctly generate analysis.
  4. Provide context. Enrich data and aggregate key views with contextual information including Vulnerability Assessments, Identity Access Management, metadata, and data classification to better understand risk and avoid overwhelming SOC teams with false positives and useless data.

The report clearly shows that all businesses need to make data-centric security a priority and that it is critical for organizations to develop a strategy to allow them to mitigate these risks. Having these four elements – the ability to apply policies in the cloud, an eye to zero-trust methodologies, intelligent data analytics, and clear contextual information – will be critical as a part of a more mature and future-proof risk management plan.
