Introduction
The concept of data security has changed very little since its emergence as a ‘probably useful to have’ process in the 1980s. However, what has changed significantly is the amount of data—volumes generated annually have grown year-on-year since 2010—and the shape and location of that data.
It is estimated that 90% of the world’s data was generated in the last two years alone, caused by the increased demand due to the COVID-19 pandemic as more people worked and learned from home and used home entertainment services more often.
To understand the changes in shape and location of data, we simply need to look at the technology landscape around us. Around a decade ago, IT security teams were concerned about how to secure USB sticks on employees’ laptops. Today, data is shared via Google Drive, OneDrive, Box, etc. The challenge of how to secure that data still exists, but the landscape has changed, and it needs to be looked at through a completely different lens.
What is data security?
Data security is a relatively simple thing to explain, but in practice, it can be much more difficult to implement. More of that later. First, an explanation. Data security is the process of safeguarding digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorised access. It covers everything: hardware, software, storage devices and user devices, access and administrative controls, and the organisation’s policies and procedures.
See how Data Security can boost your cybersecurity
Why is Data Security important?
Organisations are legally obliged to protect customer and user data from being lost or stolen and ending up in the wrong hands. Data security is key to preventing the reputational and financial risks that will undoubtedly accompany a data breach. A high-profile hack or loss of data can result in customers losing trust in an organisation and taking their business elsewhere. Other examples of the potential harm caused by a lapse in data security include: stolen IP, identity fraud, fake applications for tax credit, or exposure of the addresses of service personnel, police and prison officers.
And then there’s the issue of compliance, which has had a significant impact on data security, both in terms of how it is safeguarded and also in terms of how it is used and when it must be destroyed. Consider the General Data Protection Regulation (GDPR), under which individuals have the right to access and receive a copy of their personal data, known as a subject access request (SAR). If an organisation fails to respond to a SAR, there will likely be ramifications, usually in the form of a financial penalty.
Ultimately, data security is important because not only is it a legal requirement in itself, but it supports good data governance, and helps demonstrate an organisation’s compliance with relevant legislation and regulations.
Where to start with Data Security
An often-quoted phrase in cybersecurity is that you can’t protect what you don’t know exists. A recent survey of UK CISOs found that more than half (57%) of those questioned admitted to not knowing where some or all their data is or how it’s protected. It also revealed that CISOs are most likely to cite an increase in unbacked-up data as a top security challenge.
So much of the challenge with data security stems from the incredibly fast pace of change in companies’ IT infrastructures. The rush to move applications to the cloud at the start of the COVID-19 pandemic is a classic example; a move that created serious data security repercussions that many organisations are still trying to unpick.
New technologies and the growing interconnection of data cause new challenges and risks to emerge over time. The rise of cloud computing, mobile devices, and the Internet of Things (IoT) has expanded the attack surface for many organisations, and increased the complexity of data security. Now a generative Artificial Intelligence (AI) revolution is reinventing data risk yet again.
The days when endpoint security—DLP with a sprinkling of encryption—was an effective data security strategy are long gone. What’s needed is a steep change.
The Known Knowns, The Known Unknowns, The Unknown Unknowns
Knowing what data you have lies at the heart of all robust cybersecurity strategies. A data discovery tool will find where your data is stored across your business and who has access to it. This allows you to identify, track and classify sensitive data and gain visibility.
Data security should involve multiple layers of protection including physical security (e.g. role-based access control, video surveillance); technical security (e.g. data loss prevention, firewalls, encryption, anti-virus software) and policies and procedures (e.g. data classification, data retention and destruction practices).
The types of data security can be broken down as follows, and it’s important to consider each of the following concepts:
Data Loss Prevention (DLP)
Zero Trust Security
Cloud App Security
Network DLP
Email DLP
Endpoint DLP
This is a set of tools and processes used to ensure that sensitive or confidential information is not accessed, used, or shared inappropriately. DLP technologies are designed to prevent unauthorised access and distribution of sensitive data.
BlueFort’s methodology
Our methodology is designed to face the reality of modern cybersecurity. The volume of data is escalating like never before, attack surfaces are increasing, the workforce is dispersing, and the cloud is fundamentally shifting how CISOs and SecOps teams must approach security. More technology creates more risk. BlueFort’s tightly integrated security disciplines make security environments fit for purpose by prioritising assessment, consolidation and optimisation.
Data security is not a point-in-time exercise. The changing nature of your IT estate requires a holistic approach to data security that considers the entire data lifecycle. At BlueFort, this means we operate tightly integrated security disciplines that ensure continuous discovery, validation and control of your data across your IT estate, wherever it is—in the cloud, on a private server, mobile devices, or IoT. Our methodologies are driven by industry standards, including NIST, ISO 27001, CyberEssentials+ and CTEM.
What you need to know
-
What is the biggest threat to data security?
The biggest threat is cyber attacks, including: phishing, malware and ransomware, jeopardising sensitive information and compromising the integrity of data systems. -
What are the 3 principles of data security?
The three key principles are confidentiality (ensuring data is only accessible to authorised users), integrity (maintaining data accuracy and reliability), and availability (ensuring data is accessible when needed). -
How do you secure big data?
Big data security involves encryption, access controls, regular audits, and advanced threat detection mechanisms to safeguard large datasets from unauthorised access, ensuring the confidentiality and integrity of information.
Delivering cybersecurity with the power of Evolve
BlueFort’s Evolve allows you access to flexible and on-demand cyber skills and expertise to help you deploy any new solution and fill in any cyber skills shortage you may have.
Why work with BlueFort?
BlueFort is the UK’s leading independent Security Solutions Partner (SSP). Our unique combination of people and technology is focused on simplifying your cybersecurity journey. With a curated suite of tools, products and skills, BlueFort partners with CIOs, CISOs and SecOps teams to simplify, consolidate, and optimise their cybersecurity environment.
BlueFort’s carefully tested suite of tools and technology simplifies the chaos of the cyber landscape, while its in-house experts provide a rapid and immediate solution to the cybersecurity skills shortage, reducing pressure on internal security teams and delivering ongoing, on-demand cyber resource flexibility.
When it comes to data security, it’s an age-old problem, but today’s IT landscape is very different. It needs to be looked at through a new lens. Our data discovery methodology will provide an accurate picture of your organisation’s data, including what data it is, where it is stored, how it is used, and how sensitive it is. Should we still even have this? This is the first crucial step in implementing an effective cybersecurity program.
“Without Evolve, we would have to get in additional resources for bespoke deployments, and we would certainly have to spend a lot of time in the research phase to make sure we are buying the right technology. We use BlueFort’s expertise to guide us down the right path – I wouldn’t hesitate to recommend them.”
Gary Lewis, Head of IT, Atrium Underwriters