Zero Trust: solution for detecting, responding to and recovering from breaches

by Carlos Rodrigues, Vice President Latam at Varonis

Compromised credentials and identities, third-party breaches, API attacks and application exploits are key entry points for hackers. The security challenges facing organizations are becoming increasingly daunting. Cybercriminals are more organized than ever and even use techniques employed by legitimate IT companies, such as project management and custom development best practices. Some organized cybercrime teams have reached a level of expertise equivalent to that of a qualified penetration testing unit.

Until security teams can answer in real time what data they have, who has access to it and how it is being used, organizations will continue to fail to quickly communicate the extent of cloud breaches.

To deal with these growing threats, many organizations are adopting a Zero Trust security approach that requires all users, both inside and outside an organization’s network, to be authenticated, authorized and continuously validated for configuration and security posture before being granted access to applications and data.

Zero Trust principles, applied to identities, network or data objects, help organizations systematically reduce security risk in each of the aspects of visibility, detection, response and protection. However, implementing Zero Trust for data without breaking business logic is a new direction that requires a careful shift from Posture Management to Detection-Response to Protection to avoid creating business risks or disruptions.

As they strive to implement a Zero Trust approach, organizations and their IT teams must understand that it is a process, not a destination. The steps an organization takes towards Zero Trust will evolve as various factors change, including the organization’s business needs, the threats it faces and the security solutions it uses.

As they work to implement a Zero Trust approach, IT teams should focus on three essential elements:

  • Visibility – When companies have visibility into their data security posture, they can define policies for enhanced protection in cloud-based organizations and better determine how objects should be handled. Data security posture management (DSPM) tools are a good starting point for your Zero Trust journey.
  • Detection and Response – An organization must be able to reliably determine the identity of users accessing specific sets of data, thereby protecting that data against the misuse of such identities through phishing or app-sec breaches.
  • Protection and Governance – Organizations must create permissions and rights, run clean-up campaigns and set up governance models that proactively prepare them to respond to detected cyber security incidents. These are long-term campaigns with great strategic value and are therefore informed by refined visibility of how data objects are used in different business functions.

Data is valuable and an organization’s most persistent asset. It is essential that organizations can quickly answer: Where is their data? Who has access to it, and is that access monitored? Does the organization maintain authority over this data so that excessive or inactive privileges can be revoked when necessary?

Answering these questions is fundamental to a modern cloud data security strategy, especially when faced with the challenge of operationalizing access control or data security without breaking business logic. If they are not answered, organizations will continue to invest time and resources in tangential protections around networks and applications that leave significant gaps for data to be exploited or held to ransom.
