Enterprise-level data security: Big picture first; details foremost

It is critically important not to lose sight of the small gaps while looking at the bigger picture, i.e. enterprise security.

The reality of SAP in today’s business operations

Business and operations rely heavily on SAP applications to handle product lifecycle, finance, customer relationship, human resource and many other processes. These applications store and transact vast amounts of business-critical information. SAP clients have long realized that their businesses are powered by information. However, most SAP users are unaware of a hidden danger: data leaks caused by uncontrolled user downloads and by data flows running in the background. Thus, with digital transformation, solutions that monitor and block such leaks from SAP applications become a must.

In such a scenario most enterprises use three principles to ensure strong access control and data security by all classes of users within and outside the enterprise.

[1] The concept of ‘Least Privilege’

This principle stresses the importance of minimal visibility and access to data: only as much as a user needs to perform his or her task and not a byte more. Many enterprises recognize this principle and enforce it to varying degrees within the organization, with varying effectiveness. This is primarily due to the complexity that arises from precise access control. The fact of the matter is that almost every user inside and outside an organization tends to have more access than is actually required, and this should be a major cause for concern. One reason, but definitely not the only one, is the cost-reduction policy of BYOD (Bring Your Own Device), by which every employee can access corporate data on their personal devices. So while enforcing actual least privilege significantly limits an enterprise's exposure, it still leaves a large window open.

[2] Do you mean 'enterprise'? Then it's a question of managing scalable security

In enterprise-wide operations, especially in a growing enterprise, granting and removing operational access for employees is a tough task. Multiple departments, systems and applications make the landscape complex. Imagine the number of processes and the complexity involved in provisioning employees in companies that have thousands of different systems and applications. Automated solutions definitely help the process to a very great degree. But the moot point is: would this suffice?

Obviously, no.

A blind spot in your ERP landscape puts your IP at risk

On a regular basis, users export sensitive data from their ERP applications, such as SAP, to generate reports, spreadsheets, PDFs, and other documents. The information is then downloaded and stored on devices such as USB thumb drives and local hard disks, or, increasingly, on mobile devices and in cloud storage solutions such as Dropbox and Microsoft OneDrive. Such data often ends up in places beyond your control, such as the file share of an untrustworthy partner or the inbox of a competitor. Even on trusted employee devices, with the increasing sophistication of malware and Trojans, the risk of data loss has never been higher.

Rules and policies laid down by regulatory bodies are increasingly being made mandatory, making non-compliance not only a matter of law but also detrimental to business.

While the IT security industry has been attempting to meet these requirements for many years through solutions such as Data Loss Prevention (DLP), application firewalls or file storage encryption, there are still cracks in the armor. The problem with these approaches is that they sit many steps away from the point where data leaves the secure perimeter of the application and its access control mechanisms.

Market research specializing in data security is replete with statistics (not all of them false!) about the plethora of security incidents. According to a report by Verizon, there were supposedly 53,308 security incidents resulting in 2,216 data breaches in 65 countries in 2018 alone. Of these, "over a quarter (28%) involved insiders" [1].

[3] Monitoring for data security

This reiterates the need for monitoring and detecting any unauthorized data leak, which, as per the Verizon report, takes months or more to discover (in almost 68% of cases, as stated in the report).

Robert S. Mueller, former director of the FBI, has stated that, "…there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again." The underlying fact of this statement is clear: every business entity will be attacked at some point, if not today, then tomorrow for sure.

Constant vigilance is the price of security

Effective data security requires constant vigilance: monitoring and real-time reporting on any data breach occurrence. It is imperative to distinguish unauthorized, bad traffic from authorized, good traffic, whether the data transfer is initiated by a user or by a protocol-driven system upstream or downstream. It is encouraging to note that enterprises are beginning to take cognizance of this and are allocating budgets and resources towards such initiatives. As per ISACA's 2018 State of Cybersecurity research report, "64% of enterprises were expected to increase their cybersecurity budget in 2018 — up from 50% in 2017".
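The monitoring idea described in the last two sections (check every export against what the user's role is allowed to take, where it goes, and how much goes) can be made concrete with a small policy evaluator. The following is an added illustration, not code from SECUDE, Halocore or SAP: the pipe-separated event format, the role-to-data-class table, the destination list and the row thresholds are all constructed assumptions standing in for whatever a real export-audit feed and entitlement catalogue would provide.

```python
"""Toy export-monitoring policy run over constructed SAP-style export events.

Each event line is: timestamp|user|role|data_class|rows|destination
(a constructed format, not a real SAP or Halocore log).  The evaluator
applies three defender-side checks to every export:
  PRIVILEGE   - the user's role is not entitled to export that data class
                (least privilege, deny by default for unknown roles)
  DESTINATION - the export went somewhere outside enterprise control
  VOLUME      - a single export exceeded the per-export row limit
and one aggregate check across the day:
  AGGREGATE   - the user's cumulative exported rows for the day crossed the
                daily limit (fires once, on the export that crosses it)
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed entitlement table: role -> data classes that role may export.
ALLOWED_EXPORTS = {
    "finance_analyst": {"finance"},
    "hr_partner": {"hr"},
    "sales_rep": {"customer"},
}
# Assumed set of destinations under enterprise control.
TRUSTED_DESTINATIONS = {"corp_fileshare", "managed_onedrive"}
ROW_LIMIT_PER_EXPORT = 5000   # assumed threshold
DAILY_ROW_LIMIT = 20000       # assumed threshold


@dataclass
class ExportEvent:
    ts: str
    user: str
    role: str
    data_class: str
    rows: int
    destination: str


@dataclass
class Alert:
    ts: str
    user: str
    kind: str
    detail: str


def parse_event(line: str) -> ExportEvent:
    """Parse one constructed pipe-separated export event line."""
    ts, user, role, data_class, rows, dest = line.strip().split("|")
    return ExportEvent(ts, user, role, data_class, int(rows), dest)


def evaluate(lines) -> list:
    """Run the policy over event lines; return alerts in event order."""
    alerts = []
    daily_rows = defaultdict(int)  # (user, YYYY-MM-DD) -> rows exported so far
    for line in lines:
        e = parse_event(line)
        # Least privilege: unknown roles get an empty set, i.e. deny by default.
        if e.data_class not in ALLOWED_EXPORTS.get(e.role, set()):
            alerts.append(Alert(e.ts, e.user, "PRIVILEGE",
                                f"role {e.role} may not export {e.data_class}"))
        if e.destination not in TRUSTED_DESTINATIONS:
            alerts.append(Alert(e.ts, e.user, "DESTINATION",
                                f"untrusted destination {e.destination}"))
        if e.rows > ROW_LIMIT_PER_EXPORT:
            alerts.append(Alert(e.ts, e.user, "VOLUME",
                                f"{e.rows} rows in one export"))
        key = (e.user, e.ts[:10])
        before = daily_rows[key]
        daily_rows[key] += e.rows
        # Fire the aggregate alert only on the export that crosses the limit.
        if before <= DAILY_ROW_LIMIT < daily_rows[key]:
            alerts.append(Alert(e.ts, e.user, "AGGREGATE",
                                f"{daily_rows[key]} rows exported today"))
    return alerts


# Constructed sample feed: one clean export, one entitlement violation,
# one oversized export to removable media, then a slow drip that crosses
# the daily limit on the last line.
SAMPLE_LOG = [
    "2018-06-01T09:12:00|jdoe|finance_analyst|finance|1200|corp_fileshare",
    "2018-06-01T09:40:00|jdoe|finance_analyst|hr|300|corp_fileshare",
    "2018-06-01T10:05:00|asmith|sales_rep|customer|8000|usb_removable",
    "2018-06-01T11:00:00|asmith|sales_rep|customer|4000|managed_onedrive",
    "2018-06-01T11:30:00|asmith|sales_rep|customer|4500|managed_onedrive",
    "2018-06-01T12:00:00|asmith|sales_rep|customer|4500|managed_onedrive",
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_LOG):
        print(f"{a.ts} {a.user:8} {a.kind:12} {a.detail}")
```

The aggregate check is the one that matters most for the "months to discover" problem the Verizon figure describes: none of the last three exports by `asmith` trips the per-export limit on its own, so a control that only looks at single downloads would stay silent, while a running daily total surfaces the pattern the same day.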

The first step: Choose the right partner

The first step that IT and business leaders need to take in acquiring such capability is to identify the right technology partner: one able to provide the right tools along with deep know-how of the enterprise world. Ideally such a partner should not only provide monitoring (auditing and report generation) capabilities, but also help 'action' the outcome, either by blocking unauthorized data from leaking or by robustly protecting authorized data throughout its lifecycle, wherever it may go or reside, such that only authorized persons may use the data as per legitimate requirement. At the end of the day, it is important to remember: encryption is the most robust form of defense in an enterprise's multi-layered data security strategy.

For more information on how your enterprise can monitor its data flows, visit www.secude.com

References

[1] Verizon 2018 Data Breach Investigation Report: Insider Threats & Monitoring

[2] Trump criticizes China’s trade practices at U.N., will not take ‘bad deal’

[3] ISACA, State of Cybersecurity 2018
