We’re 10 days away from the Rochester Security Summit! The theme of this year’s event? The Right to Privacy: Balancing Privacy and Security. Speakers include cyber security experts from various verticals, who will all touch on the latest trends in security and how organizations balance privacy of data and security of data.
Speaking at this year’s event is Ron Arden, vice president of Fasoo USA. Ron is a strategic partner with Brite Computers and has over 30 years of strategic planning, marketing, sales, business development and technical experience in the information technology and security industries.
Fasoo’s approach when it comes to data security aligns perfectly with our beliefs. Hackers, malicious insiders and privileged users are stealing your sensitive data, and 20th century perimeter defenses are not stopping them. Where are the gaps? If you’re not protecting the data, it’s only a matter of time before you experience a data breach. By attending Ron’s session, “Closing the Threat Gap: A 21st Century Approach to Minimizing Risk,” you’ll understand how to protect sensitive information by controlling access and use at the data level through continuous encryption and persistent security policies.
Ron’s speech will cover the data-centric approach, which can be started with these steps:
- Step 1. Identify which data is most sensitive. This data could be regulated data, such as PCI, PHI or data unique to your company and its business objectives. Categorize this data based on risk, sensitivity, compliance requirements, etc. and come up with a classification schema.
- Step 2. Discover where your most sensitive data resides. Most enterprises have a very difficult time accurately pinpointing where their authenticated users may have localized copies of the company’s most sensitive data. Ensure that you have the ability to crawl all of your possible paths.
- Step 3. Determine how this data is used. You want to make sure that you have a good idea who accesses this data, who should have the privilege to access this data, what users are doing with it and how this data should be used by those who need access to it.
- Step 4. Apply layered security. Make sure your perimeter security is up to date. Ensure that your most sensitive data is on hardened operating systems that are carefully patched. Check to make sure your VPN, anti-virus, firewall and data-loss prevention solutions are up to the task.
- Step 5. Encrypt your data at different levels. Next, be sure you’re encrypting your data the right way. Disk encryption and encryption of data at rest and data in motion are no longer sufficient. A different approach must be used for data encryption. Apply file- and application-level encryption. Require strong authentication and put granular control on your sensitive documents. Then make sure the security policies defined in your repositories extend beyond those repositories, so that you don’t lose control when data is pulled out and localized. When done properly, this tactic will stop many threats.
- Step 6. Continue to monitor and review your risk. Make sure you audit document use, who is accessing your sensitive data and what they are doing with it. If the user behavior is beyond the norm or an unauthorized user attempts to perform an action against an established path, this will provide you with the means to detect and act appropriately.
While the above steps provide guidance, organizations may want to incorporate them into a more complete security plan. Hear from Ron on how this is done at this year’s summit.