By Brent Hansen, CTO, Thales TCT
The evolution of security strategies has changed drastically over the course of my career in IT. I’ve worked with many Fortune 100 companies to help them find the best ways to architecturally make their greatest asset—data—simply more powerful. Unbelievably, we never discussed security in the course of conversation surrounding systems of record, metadata management, or business intelligence. We’d talk about data governance, understanding data classification, and how governance was sometimes an obstacle because no one knew where their data resided. These were considered IT’s critical challenges in the pre-breach epidemic era.
Looking in the rearview mirror, I now recognize the breakdown between the data practice and those responsible for data security, whose primary focus was on perimeter protection. Fast forward to the present day, where the perimeter of data security has become the data itself. Data has grown astronomically times a gazillion in the last few years. Data no longer lies behind firewalls and perimeter protections that once created a force field around agency data. Perimeter security will always be the first line of defense. However, with the introduction of IT modernization, IoT, and cloud adoption, the perimeter, in my opinion, should now be the data itself.
The security policies that once governed data on premises do not apply to what cloud migration and optimization can offer. We must evolve our security policies in order to trust where our data goes in the cloud and that it has the most efficient and potent security for protection. We must separate the authenticated users from the application owners, data store owners, cloud architects, and data and application developers without disruption to the mission.
Agencies must enable data to defend itself. In a security utopia, data would know where it is at all times and if it should be there, and who or what should have access to it. Data should be able to set off alerts if it’s under attack by ransomware or insider threat, or if it should self-destruct. One side note about ransomware: isn’t it just encryption without giving you access to the key to unlock it? It is actually in a very protected state but not by the right party!
Rest assured that there are data security strategies in the industry that offer decision tree approaches to evaluate where in the application stack data can most effectively be protected from breach, insider threat, and ransomware. As it relates to cloud, there is always a trust factor that must be accepted. Cloud Service Providers offer security, but it can be difficult to decide what method is best to use and when it’s better to bring your own security to protect your data. Here at Thales Trusted Cyber Technologies, we empower Federal agencies to take decision tree approaches to securing data while making it accessible and useful to those who need it. Evolving a consistent approach to data and what security methods can best be used to apply protection to the data itself is paramount.