SBN

Achieve Data Security with Strong Internal and External Perimeters

Securing your organization’s most sensitive content is analogous to securing a busy office building. If you’re in charge of security in an office building, you must protect your tenants amid a constant flux of employees and visitors. You must keep the building, its employees, and their physical assets safe, but you can’t lock everyone out. You also can’t monitor every person, every moment.

You can, however, protect the entrances and exits to establish a secure external perimeter. And, you can lock the doors to your valuables to establish a secure internal perimeter. You can also shrink the overall threat surface by reducing the number of doors.

User apps, such as email, are the entrances and exits for files entering and leaving your organization. Enterprise apps and file stores, especially those where you keep sensitive content, are the doorways to your valuables. To protect your intellectual property, you must consolidate and secure these checkpoints. Restrict and secure the number of ways users can exchange files externally. And, restrict and secure the number of content repositories where valuable files are stored internally.

The modern enterprise spends millions of dollars on cyber security, yet the modern CISO can’t say in any specific detail what information is entering and leaving the firm. If you can’t see it, you can’t defend it. Everyday workflows where employees exchange sensitive information with external parties expose the firm to constant threats, including leaks, phishing, malicious files, and compliance violations. These external workflow threats have a common theme: a user is the actor, and a file is the agent. Complete protection requires a defense that spans the full breadth of the associated threat surface: the collective paths of all files entering and leaving your organization.

In our last blog post, we explored the importance of a CISO Dashboard for visualizing the threat surface and monitoring all sensitive content and IP that enters or leaves your organization. Today, we’ll discuss shrinking the threat surface by constructing secure external and internal perimeters.

Shrink the Threat Surface

Users share files from a wide array of endpoints: email, Web browsers, office apps, mobile apps, and enterprise apps. To shrink the threat surface, you must restrict these applications by controlling unauthorized software installation and deploying a cloud access security broker (CASB) to block unauthorized cloud services.

Shrink the Threat Surface
To protect your intellectual property, you must consolidate and secure enterprise apps and file stores, the doorways to your valuables. Restrict and secure the number of ways users can exchange files externally. And, restrict and secure the number of content repositories where valuable files are stored internally. [Source: Accellion secure file sharing and governance platform]

After reducing the number of entrances and exits, you need to funnel file traffic through security checkpoints, so each file can be efficiently inspected and secured—this can be achieved with simple enterprise app plugins for each endpoint. Plugins should make sending, receiving, saving and retrieving files very simple, otherwise users will attempt easier routes to complete their daily workflows, such as insecure consumer file sharing services. Unless you shine a light on shadow IT with strong cloud storage compliance, you can’t cover all your exits.

To further reduce the threat surface, you must establish a secure internal perimeter around your confidential documents with enterprise content integration, namely unifying access to all enterprise content stores. Otherwise, sensitive files can leak out undetected and malicious files can worm their way into your core content repositories.

Consolidate Content Access

Most organizations face many obstacles and trade-offs that limit their ability to unify content access. For example, legacy content stores may be too expensive to migrate to a consolidated repository. Highly sensitive content might need to be segregated from less sensitive content. Regulatory requirements, such as data sovereignty rules, may prohibit the consolidation of content across international boundaries.

Consolidate Access to the Content

It is less important that you consolidate the actual content, than it is that you consolidate access to the content—the doors. The fewer doors and security checkpoints, the smaller the threat surface.

In the next post, we’ll discuss shrinking the threat surface by constructing a secure external perimeter around file sharing applications and a secure internal perimeter around your sensitive data repositories. Otherwise, sensitive files can leak out undetected and malicious files can worm their way into your most sensitive content. Future posts will cover concepts like hardening the threat surface with data encryption in transit and rest, and advanced security tools like ATP and DLP.

Don’t want to wait? Download the eBook now!
Protecting Sensitive Content in a Dangerously Connected World

Protecting Sensitive Content in a Dangerously Connected World

Discover the 5 strategies for protecting sensitive content against external workflow threats with this informative eBook.

*** This is a Security Bloggers Network syndicated blog from Cyber Security on Security Boulevard – Accellion authored by Cliff White. Read the original post at: https://www.accellion.com/blog/achieve-data-security-with-strong-internal-and-external-perimeters/

Avatar photo

Cliff White

Cliff White is Chief Technology Officer (CTO) at Accellion. Mr. White joined Accellion in 2011. He has more than 15 years of experience in the software industry and web-based technologies. He has also managed global engineering teams and advised C-level executives on software product engineering and best practices. Before joining Accellion, Mr. White developed highly scalable software for imageshack.com, an online media hosting company and one of the most visited websites on the internet. Previously, he led the engineering function for rentadvisor.com, a peer review and recommendation website for rental properties before it was acquired by apartmentlist.com.

cliff-white has 28 posts and counting.See all posts by cliff-white