By Brian Platz, CEO and co-founder, Fluree
A target-rich environment
Meanwhile, reports of cyber attacks resulting from Russia’s aggression in Ukraine have been sparse. Some experts say the cyber-conflict war theater has been a constant since the beginning of the war. Others warn that Russian President Vladimir Putin could launch a serious cyber campaign at any moment. Then there are those who say what we’ve witnessed to date presages the future of cyber warfare.
Outside of the war in Ukraine, global cyber attacks declined sharply in February, to a total of 5.1 million breached records, compared with January’s total of 66 million breached records, according to IT Governance, a UK-based agency.
To frame the challenge over an entire year, consider the 1,001 data breaches in 2020 tracked by Statista, which affected 155.8 million.
The lack of publicly reported cybersecurity breaches over the past few weeks, coupled with Russia’s ongoing aggression, has created a certain amount of tension among those who fear that the worst is yet to come.
Yet that suspense has also triggered a conversation that cybersecurity professionals should have, one that could revolutionize the way we think about data security.
Weaknesses remain manifold. Today’s global data architecture presents virtually unlimited targets because of the information exchanged among friends and colleagues, including email and text; social media posts; and other forms of communication between companies and businesses. Virtually every API represents a potential vulnerability. In fact, Akamai’s 2020 State of the Internet Security Report found that 75% of all cyber attacks on the financial services industry target APIs. The result is a system of countless data silos, each with a surface ripe for attack.
Perhaps paradoxically, although data is the grand prize hackers seek, the data itself remains unprotected. Instead, security investments continue to be focused on online infrastructure.
The rise of cloud computing has coincided with a mushrooming in the number and types of devices connected to the cloud. Such personal devices and their associated WiFi networks represent another category of at-risk information.
Today, apps handle security – it’s backwards
Security should be enforced by the data itself: it should be baked into the data in such a way that security and data become inseparable. The protective structure around the data will become redundant. Data-management responsibilities are, in other words, transferred from the application level to the data level.
And staff overseeing various aspects of data, such as data-governance leaders, should reach across the aisle and engage with data-management and data-security leaders to create a set of data-centric policy enforcement guidelines.
To borrow a phrase from a July 2020 post on the blog of NetApp, a hybrid cloud data services company headquartered in California: “Security controls should be as close to the data as possible.”
Think of it as a matter of data quality control.
It can take many forms. One rule might say that members of different departments of a company are allowed to view information in different areas of that business, but only members of certain departments are allowed to update department-specific data. Another is that everyone can view a catalog of university or college courses, but only a school administrator has the power to edit the information in that catalog.
Both are examples of defending the data itself.
As information travels across storage systems, applications, and various business contexts, its security remains intact – regardless of the type of network or application security. The data itself controls the permissions and rules regarding identity and access. Those permissions and rules exist throughout the life cycle of information.
Advantages of data-centric security
When security exists at the data level, the rewards include reduced data theft and loss, improved governance and compliance strategies, and a lower risk of attack combined with greater delivery speeds.
Today, security logic has to be re-applied across apps, data lakes, middleware and APIs. With data-centric security, that logic is instead automatic and scalable. This addresses a problem identified in the 2021 Verizon Data Breach Investigations Report, which observed that increased automation aids the offense as much as it moves the needle on defense.
Consent is naturally included in whatever the overall governance strategy is. And developers no longer spend time and energy on security and governance activities. Their sole responsibility is to build better applications and APIs.
Effective data-centric security policies succeed in three areas: management, tracking, and security. The first enables organizations to define policies that determine who may access, contribute to, and use data. Tracking establishes a system for monitoring the data supply chain as data moves through systems and users. The final part seals the deal by imposing protocols for identification and access.
The paradox of more rules governing data, including the European Union’s 2018 General Data Protection Regulation and the 2018 California Consumer Privacy Act, is that more information than ever before is being shared by more people and organizations than ever before. Information sharing and brokerage have become commonplace. Such a complex data supply chain calls for more robust security.
The key is to identify the rules that make data-centric security as impenetrable as possible. Part of this approach is a maxim that has recently gained even more traction among cybersecurity experts: verify, but never trust. Verification depends on the authentic cryptographic identity associated with the various approvals. These rules work because they can be complex and arbitrary. Enforcement goes beyond the database connection, answering questions such as: Is the user linked to the data? Do the user and the data belong to the same organization?
The sooner data-centric security is adopted as a best practice, the more quickly today’s arguably numerous data vulnerabilities will disappear. And reports of data breaches that the public has accepted as normal and routine will go away.
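The data-level rules described above (department-scoped updates, a course catalog anyone can view, and the "is the user linked to the data?" checks), sketched as an added Python example that is not from the author or Fluree. The record layout, rule names and the HMAC tag standing in for a cryptographic signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would verify an asymmetric signature.
ISSUER_KEY = b"demo-issuer-key"

def _tag(claims: dict) -> str:
    """HMAC over the canonical JSON form of the claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def sign_identity(claims: dict) -> dict:
    return {"claims": claims, "tag": _tag(claims)}

def verified_claims(identity: dict):
    """Return the claims only if the tag verifies; unverified claims are never used."""
    ok = hmac.compare_digest(_tag(identity["claims"]), identity.get("tag", ""))
    return identity["claims"] if ok else None

# Rules relate the verified user to the record itself, not to a database connection.
RULES = {
    "same_org": lambda u, r: u.get("org") == r["org"],
    "same_dept": lambda u, r: u.get("org") == r["org"] and u.get("dept") == r["dept"],
    "admin": lambda u, r: u.get("org") == r["org"] and u.get("role") == "admin",
}

def allowed(identity: dict, action: str, record: dict) -> bool:
    """Decide from the record's own policy; deny unknown actions, rules and identities."""
    rule_name = record["policy"].get(action)
    if rule_name == "anyone":
        return True
    user = verified_claims(identity)
    rule = RULES.get(rule_name)
    return bool(user and rule and rule(user, record))

# Constructed sample records: each one carries its policy wherever it travels.
budget = {"org": "acme", "dept": "finance", "policy": {"view": "same_org", "update": "same_dept"}}
catalog = {"org": "state-u", "dept": "registrar", "policy": {"view": "anyone", "update": "admin"}}

alice = sign_identity({"sub": "alice", "org": "acme", "dept": "finance"})
bob = sign_identity({"sub": "bob", "org": "acme", "dept": "sales"})
dean = sign_identity({"sub": "dean", "org": "state-u", "dept": "registrar", "role": "admin"})
# Tampered identity: claims edited after issuance, so the tag no longer matches.
forged = {"claims": dict(bob["claims"], dept="finance"), "tag": bob["tag"]}
```

Because the decision reads only the record and a verified identity, any application or API that handles the record reaches the same answer.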
About the author
Brian Platz is the co-founder and CEO of Fluree, PBC, a North Carolina-based public benefit corporation focused on transforming data security, ownership and access with a scalable blockchain graph database.
Platz was an entrepreneur and executive in the early days of the Internet and the SaaS boom, and founded the popular A-list web development community along with a host of successful SaaS companies.
Prior to founding Fluree, Brian co-founded Silkroad Technology, which grew to 2,000 customers and 500 employees in 12 offices worldwide. Brian can be reached online at bplatz and at www.flur.ee.