A new approach to IT security focuses on identities. In recent years, more and more companies have switched to hybrid and decentralized work environments. With this shift, IT teams have learned that they can't trust the network like they used to.
Employees now have direct access to their company's resources over the Internet, bypassing traditional security tools such as virtual private networks (VPNs) and firewalls. The shift isn't limited to the network: remote working has proven that anyone can work from anywhere, on any device. With so many new factors to keep an eye on, how do you keep a business both productive and secure?
The short answer is that businesses should focus on two areas: identity and data. Every employee, customer, and contractor has a digital identity, and all of these entities consume, produce, transmit, and transport data. Going forward, organizations should focus on identity and data, and the technologies that protect these elements need to evolve.
Attacks are becoming more personal
Speaking of identity: targeted attacks are becoming more and more personal. We can already see that attackers are no longer targeting official work emails. Instead, they're having more success with social engineering campaigns sent to employees' personal accounts via SMS messages and third-party apps like WhatsApp.
“This change is due to a larger trend, which is that as technology advances, our personal and work lives are merging more and more. Even before the pandemic, 80 percent of IT and business leaders surveyed by Oxford Economics believed their employees could not do their jobs effectively without a smartphone,” said Sascha Spangenberg, Global MSSP Solutions Architect at IT security provider Lookout. The recent vulnerability at Uber shows that there is little control over what happens to company data on employees' personal devices, which can easily be exploited. As a result, user errors and account compromise could become more common in the coming year.
Contextual DLP prevents data breaches
The flip side of identity is the sensitive data that users need access to. This is where a much smarter approach to data loss prevention (DLP) comes into play. There are a few ways that DLP could evolve. One area is the way the technology understands the data content. Identifying sensitive data and personal information is an entirely different task than determining whether a document, file, or object contains sensitive information. Modern DLP solutions give organizations the tools to understand the contents of a file without having to read a 100-megabyte document by hand. In moments, a DLP solution can tell whether a document should be classified for HIPAA or PCI.
Once organizations understand their data, they can begin putting controls in place to protect that data. DLP provides a unified approach to coverage of all data, including email, web, and share traffic. Coupled with user and entity behavior analytics (UEBA), DLP can provide context that enables data intrusion and exfiltration to be predicted and detected.
For example, in the case of a ransomware attack, attackers can remain undetected on the network for months before they start moving data to another location. DLP examines this traffic as soon as it begins to flow to another site or server. In the same way, DLP can detect when important files are exposed in an Amazon S3 bucket or Google Drive.
Siloed technology is the weak point
Organizations need to be confident that their security tools are capable of applying Zero Trust principles to identity and data. The siloed security products that were commonplace in the past are quickly becoming the Achilles' heel of enterprise security. The warning signs are everywhere: data security best practices sometimes fall through the cracks, and security breaches are becoming increasingly complex. As data, devices, and users become more connected, IT and security teams need to consolidate their security solutions to avoid the complexity that comes from trying to protect data with multiple tools.
A platform approach can help ensure that all data, whether stored in the cloud, on-premises, or in a private app, is protected under consistent data security policies. The Security Service Edge (SSE) framework proves that a combination of Cloud Access Security Broker (CASB), Zero-Trust Network Access (ZTNA), and Secure Web Gateway (SWG) in a single platform is a future-proof approach to securing remote workers and protecting data in the modern corporate infrastructure. “The best way to go one step further is to integrate mobile device security and use solutions like DLP, UEBA and Enterprise Digital Rights Management (EDRM) consistently across the enterprise,” concludes Lookout's Sascha Spangenberg.
About Lookout
Lookout co-founders John Hering, Kevin Mahaffey, and James Burgess came together in 2007 with the goal of protecting people from the security and privacy risks posed by an increasingly connected world. Even before smartphones were in everyone's pocket, they realized that mobility would have a profound impact on the way we work and live.