It seems that the data security landscape is constantly changing. Every day, new threats arise and fresh best practices emerge to keep companies at the forefront of protecting sensitive information. PKWARE’s staff of experts in data security share their thoughts in our blog, highlighting the most current topics on data security, management, and reduction. Check back frequently and join the conversation.

Privilege and Encryption Could Stem Breach Trends

Posted by on in Compliance

With companies, customers and regulators all growing increasingly concerned by the frequency of data security incidents, the search for solutions is on. But as some focus on designing next-generation technology and forging new legislation, several existing answers are continually being overlooked. By adhering to the rule of least privilege and enforcing it with strong encryption, data owners can alleviate many of the fears associated with information loss or theft.

On average, companies are much more likely to have their data compliance and security records ruined by negligent or malicious insider activity than any type of targeted cyber attacks. While that may seem discouraging to some, it should actually serve as a reminder that vulnerability can be significantly reduced by addressing issues well within management's control.

According to CSO Online, too often companies are failing to restrict information access to a "need to know" basis. When employees retain viewing rights to assets unrelated to their specific job roles, administrators are needlessly giving themselves more ground to cover in governance processes. Alternatively, developing a more nuanced classification system allows companies to start down the path toward differential privacy settings that better suit both the organization and individual.

"In an ideal world, the employee's job description, system privileges and available applications all match," financial IT executive J. Wolfgang Goerlich told the news source. "The person has the right tools and right permissions to complete a well-defined business process."

Accounting for anomaly
As IT administrators are well aware, however, the real world very rarely mirrors the ideal. Teams should always be working toward improved alignment and smarter policy, but they'll need contingency plans as they move through that process.

Data encryption software is a perfect complement to these plans. Although administrators may not be completely certain where each and every data set is traveling at a given time, encasing it in a secure folder ensures it will be immune to compromise from unauthorized viewers.

According to Channel Web contributor Kevin Percy, companies should also understand that it is a rather unobtrusive enforcement tool. Although the underlying technology is certainly complex, it remains easy to deploy and runs in the background with minimal operational impact.

Tagged in: Compliance Data Security Governance Security Policy Management

Comments

  • No comments made yet. Be the first to submit a comment

Leave your comment

Guest Wednesday, 02 October 2013