Creating a Data-Centric Security Infrastructure
In a multi-platform environment, sensitive information may no longer be completely under our control. It could be on any device, shared in unauthorized locations, or accessed by the right people in the wrong way. This raises the need to manage every facet of what is being accessed, by whom, when, where, and how.
There are 7 major components to make this happen.
1. Data Discovery. You cannot protect what you cannot find. A comprehensive data discovery system makes it possible to find data, no matter its location – cloud, mobile, local network, etc. Once you know what your data is, you can get a handle on protecting it.
2. Visibility – Data Flow. Get a complete picture of the path data travels over time. For example, a patient record originates with the primary care doctor, travels through the insurance company, and later ends up within the network of the specialist.
3. Classification. Decide what data to protect and how – automatically or manually – based on specific rules. An efficient classification system recognizes data context – such as credit card numbers, PII, PHI, and automatically protects it.
4. Identity Management. Identity and access management is all about defining trust. Data access can be granted according to multiple facets: on a person, an application, a service, a place, and device awareness. Trust may need to be established rapidly and be temporary. Accurate and up-to-date directory information, Multi-Factor Authentication (MFA) and tracking of changing roles in an organization all become paramount. This is especially the case for people or services with elevated privileges to guard against mistakes, identity theft, insider threats or other malicious behavior.