DATA SECURITY
CONTENTS
• Why is data security important?
• Difference between data security and compliance
• Types of Data Security
• Data Security strategies
• Data Security Trends
• How data security and other facets interact
WHY IS DATA SECURITY IMPORTANT?
Data security is the practice of protecting digital
information from unauthorized access, corruption
or theft throughout its entire lifecycle. It’s a concept
that encompasses every aspect of information
security from the physical security of hardware and
storage devices to administrative and access
controls, as well as the logical security of software
applications. It also includes organizational policies
and procedures.
DATA SECURITY AND COMPLIANCE
What’s the difference?
Data security is the application of deterrents or security
controls to protect data. The level of deterrents or security
is commensurate with how the individual or entity uniquely
“values” the data.
Compliance is applying a baseline of security controls
(people, process, technology) defined by a standard. The
baseline is applied to a specific type of data, typically
regulated data such as health information, financial
information and personally identifiable information.
DATA SECURITY AND COMPLIANCE
Does compliance equal the highest level of security?
No, it ensures a repeatable, stable baseline of security
that can be measured to meet a specific regulatory
requirement.
Does the highest level of security mean you are “secure”?
Maybe; it depends on where you place your security.
Can you cover 100%? Probably not.
Data security and compliance are key pieces of GW’s
information risk management: ensuring compliance and
placing the highest security controls on the assets that
matter the most.
COMPLIANCE LANDSCAPE
http://www.higheredcompliance.org/matrix/
BUSINESS CHALLENGES
Digital transformation is profoundly altering every aspect of
how today’s businesses operate and compete. The sheer
volume of data that enterprises create, manipulate and store
continues to grow, driving a greater need for data governance.
In addition, computing environments are more complex than
they once were, routinely spanning the public cloud, the
enterprise data center and numerous edge devices ranging
from Internet of Things (IoT) sensors to robots and remote
servers. This complexity creates an expanded attack surface
that’s more challenging to monitor and secure.
FRAMEWORKS AND STRATEGIES…MORE THAN TECHNOLOGY
• NIST 800-53
• ISO 27001
• National Cybersecurity Framework
BUSINESS CHALLENGES
The need for data compliance is magnified by maximum fines
in the millions of dollars. Every enterprise has a strong
financial incentive to ensure it maintains compliance.
BUSINESS CHALLENGES
Security and compliance are often characterized as two sides of the
same coin: you can’t have one without the other. As cloud-resident
data increases, it raises the ante for the organization to secure
ever-growing data and meet compliance requirements.
BUSINESS CHALLENGES
Effective compliance program
BUSINESS CHALLENGES
Usage of enterprise data security technologies
ADVANCED DATA SECURITY…
Part of a defense in depth strategy to apply higher levels
of security to high value information/assets
• Penetration tests/Red team analysis
• Application code reviews
• System hardening
• Logging
• Intrusion detection
• Staff with advanced training/credentials (forensics,
malware analysis)
EXAMPLES OF DATA SECURITY ≠ COMPLIANCE
40 million credit cards were stolen from Target, which was PCI
(Payment Card Industry) compliant; it was attacked through an HVAC vendor.
TYPES OF DATA SECURITY
• ENCRYPTION – using an algorithm to transform normal text
characters into an unreadable format.
• DATA MASKING – organizations can allow teams to develop
applications using real data.
• DATA ERASURE – uses software to completely overwrite data in
any storage device.
• DATA RESILIENCY – determined by how well an organization
endures or recovers from any type of failure, from hardware to
power shortages and other events that affect data availability.
DATA SECURITY CAPABILITIES AND SOLUTIONS
• Data discovery and classification tools – sensitive information
can reside in structured and unstructured repositories including
databases, data warehouses, big data platforms and cloud
environments.
• Data and file activity monitoring – analyze data usage patterns,
enabling security teams to see who is accessing data, spot
anomalies and identify risks.
• Vulnerability assessment and risk analysis tools – these
solutions ease the process of detecting and mitigating
vulnerabilities.
• Automated compliance reporting – comprehensive data
protection solutions.
DATA SECURITY STRATEGIES
• Physical security of servers and user devices – a cloud provider
will assume responsibility
• Access management and controls – the principle of
“least-privilege access” should be followed throughout your
entire IT environment.
• Application security and patching – all software should be
updated to the latest version
• Backups – maintaining usable, thoroughly tested backup copies of
all critical data is a core component of any robust data security
strategy.
• Employee education – training employees in the importance of
good security practices and password hygiene – “human firewall”
• Network and endpoint security monitoring and controls –
implementing a comprehensive suite of threat management,
detection, and response tools and platforms…
COMMON DENOMINATORS
What are the common denominators?
• Knowing what data you have
• Knowing the value of the data
• Knowing the risks to your data
• Understanding likelihood and impact of these risks
• Accepting a level of risk
COMMON RISK FACTORS
• Awareness of information in your care
• Access to information…need to know principle
• Dissemination of information…technology makes it easy
• Lack of knowledge or training of staff…knowing your role,
how to identify and what to do in situations
• Increased visibility of data loss…fines, reputational hit,
accreditation risks, grants
BEST PRACTICES YOU CAN TAKE
Referencing back to the Common Denominators slide
• Knowing what data you have
• Knowing the value of the data
• Knowing the risks to your data
• Understanding the risk tolerance
• Ensure you and your team are leveraging available resources
(tools, training, seminars)
• Never hesitate to ask for assistance…better to be safe
DATA SECURITY TRENDS
• AI – this allows for rapid decision-making in times of critical
need.
• Quantum – a revolutionary technology,
• Multicloud security – the definition of data security has
expanded as cloud capabilities grow,
HOW DATA SECURITY AND OTHER SECURITY FACETS INTERACT
• Achieving enterprise-grade data security - the key to applying an
effective data security strategy is adopting a risk-based approach
to protecting data across the entire enterprise
• Data security and BYOD - the use of personal computers, tablets,
and mobile devices in enterprise computing environments is on the
rise despite security leaders’ well-founded concerns about the
risks that this practice can pose
• Data security and the cloud - securing cloud-based
infrastructures requires a different approach than the traditional
model of situating defenses at the network’s perimeter.