CIOReview
MARCH 2024

been the cornerstone for years. Whether your network is a traditional strong perimeter/zoned network environment or the progressive zero-trust architecture design, the goal is to place enough protective layers to ensure the data is challenging for threat actors to access and exfiltrate but remains seamless and usable by the business.

First, let's start with compliance controls. Compliance would be the outer layer that encompasses an organization's ability to build a foundation of acceptable use. This layer enforces the checks and balances required to ensure all employees, and technologies, operate securely. Building and enforcing an understanding that data and information are the key to the company's value ensures that every employee has a vested interest in keeping data safe. Whether your company is in finance and customers' information is your data, or you are in manufacturing and your intellectual property is your data, it is all valuable data to protect.

Once a culture is established that balances the organization's security goals and business operations, attention can be directed to the organization's information technology and security operations. This layer builds the operational integrity of the computers and networks that handle data. Building and operating IT programs that encompass asset management, change management, vulnerability management, and incident management provides a way to ensure technology remains healthy and secure against the evolving threat landscape.

The preceding defensive layers used in protecting data address the behavioural aspects of an organization's security. They provide guidance, policy, and programs that promote a culture to encourage both the people and IT systems to remain current and healthy.

As attention now draws towards security controls, the outside-in layering continues.
In a traditional perimeter/zoned network architecture, the outer perimeter is the first technological security defense from the Internet. This layer has traditionally been compared to the moat and castle walls of medieval times. The use of firewalls, routers, VPNs, and bandwidth monitoring technologies defends against the initial attacks from the internet. In today's day and age of cyber security, there is always a 'knocking on the door', but if this layer is designed and configured properly, the threat actor will not be let in. It should be noted that in a zero-trust network architecture, these technologies are still required but are more distributed depending on the network design. The moats and walls surround individual houses in the village rather than the castle itself.

While securing the perimeter, business still needs to be conducted on the Internet. In many cases, the exposure of applications and application programming interfaces (APIs) to the threats of the internet is a requirement of business operations. In this portion of the layered defense, the security of the applications and APIs becomes paramount in ensuring appropriate data is shared with website visitors. This is accomplished through the scrutiny of how the applications and APIs are designed. Balancing how data is being requested and what data is being shared, through secure coding practices, helps to ensure business functionality. The software development lifecycle (SDLC) is designed to guide and enforce the best practices and security requirements of software development. Once code has been developed, it is best practice to verify the security configurations through a penetration test. The penetration test will test the application's ability to manage inappropriate and malicious data requests that are routinely the cause of data loss.
Routinely performing this validation, as the application and API will undergo changes, ensures any new vulnerabilities in the code are found.

Once the application or API has been securely coded and tested, and is now facing the internet conducting business, another security layer can then be utilized that ensures any network requests to our application are legitimate and malicious requests are blocked. Even though the application has been coded properly, attacks against the application still occur. A web application firewall (WAF) provides this additional layer of protection to inspect the requests being made to the application.

The last layer of defense is the data itself and the computers that store it. The current strategy has built and fortified layers to protect the network, protect the applications and APIs, and educate employees, but inevitably, an adversary may defeat these defenses and reach the computer that stores our critical data. Building a Data Classification program and augmenting it with a Data Leakage Protection (DLP) technology will help capture any exfiltration attempts. Password-protecting storage areas and files prevents unauthorized access, while encrypting and masking data centers on making the data unusable if taken. This approach must be balanced with the fact the data needs to remain accessible and usable by the business.

There is no template to deploy these layers in defending data from threats. Cyber security must balance the business requirements against the overall security of that data. As new technologies arise, and new threats emerge, building a layered defense to protect that data remains a core strategy in cyber security.