IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

Flipping the traditional security model on its head: taking a data-first approach to cybersecurity

By Contributor
Tue 30 Nov 2021

Article by Varonis, Vice President of APAC, Scott Leach.

As organisations become more data-driven, they store more data in on-prem and cloud stores that employees can access from anywhere with phones, tablets and laptops. The security perimeter is much less defined, and endpoints are fungible — very little data “lives” only on your phone or laptop these days.

This digital transformation has flipped the traditional security model, which focused on perimeter and endpoint, on its head. Instead of focusing on outside in, organisations are starting to think inside out, or data-first security.

Data protection is intuitively simple but immensely complex. Why is data protection intuitively simple?

Because if you can answer “yes” to these three questions, and you can answer yes continually, then your data is safe:

  1. Do you know where your important data is stored?
  2. Do you know that only the right people have access to it?
  3. Do you know that they’re using data correctly?

These are the three fundamental dimensions of data protection — importance, accessibility and usage.

If you work in IT or IT security, you know that understanding these dimensions isn’t simple at all.
You probably also know that if you can’t answer yes to these questions, they lead to other questions that have urgent ramifications for CISOs, compliance personnel, boardrooms and shareholders. Questions such as “where is our sensitive and regulated data?” and “where is it overly accessible and most at risk?

The answers don’t come any easier as data keeps growing in on-prem and in the cloud, in applications and data stores that each have their own security models.

Where is our data supposed to be?

The number of places we can put data has exploded over the past few years, and it’s common for users to access their data across multiple devices and endpoints. 

Most organisations now rely on a combination of cloud applications and infrastructure to function in addition to their on-premises infrastructure.

Where is the important data?

Even in the realm of these sanctioned applications, the attack surface is large and difficult to visualise and assess in terms of risk. As a result, some organisations choose to focus their efforts by asking employees to tag files or by using automation to identify or classify regulated or sensitive data with the hope of being able to prioritise data protection efforts.

It certainly makes sense to break an enormous problem down into smaller pieces, but the problem has become so large that even the smaller pieces can be overwhelming. Most organisations are surprised at the number of sensitive files and records they find. Thousands of files here —  tens of thousands there — and the list will be different tomorrow and the next day.

Those that arrive at this place without a clear plan of action can get stuck over what to do next. Some consider a brute force approach, like moving everything they find somewhere else, deleting everything possible, or encrypting everything, thereby restricting access to employees only or a small group who then inherit a large problem.

These solutions don’t solve the core issue, ensuring that data is accessible to only the right people, also known as the principle of least privilege, or more popularly known as Zero Trust.

To make sure access is correct for any data, sensitive or otherwise, you first need to see who has access to it in the first place — this is almost always harder than people realise, especially in the cloud.

Who has access to our important data? Who should have access?

Without the critical context of understanding what data is regulated or sensitive, organisations are making decisions about access. What often comes as a surprise is how hard it is to see who has access in the first place.

Access to data is handled by permissions or access control lists. While the logic is pretty uniform across applications and data stores, the implementations are all different. The specific actions users can take are described differently in each application, even they though mostly fall into the categories of creating, reading, updating, deleting, or sharing data.

On top of these differences, calculating effective rights for a given object or user can be very complex and varies greatly between data stores. Attributes such as object-specific permissions, group relationships, hierarchal inheritance, roles and role hierarchies, and system-wide settings can increase the complexity.

To correctly understand each user’s access permissions, all these attributes and functional relationships must be normalised across data stores and applications. Without this kind of automation, determining who has access to data is an impossibly time-consuming task. It also impairs other day-to-day tasks such as incident response, troubleshooting and audit reporting.

Is understanding access activity any easier than understanding permissions?

It is not. When considering data security, there are several types of events that pertain directly to data protection, including:

  • Data access events - where users create, read, change/update, delete, or share data.
  • Access control changes and configuration changes - which affect the accessibility of data.
  • Authentication events – which users connected to the data store, from where, and with what kind of authentication (e.g. single or multi-factor).
  • Perimeter events – perimeter signals from DNS, VPN gateways and proxies that provide insight into unusual connections.

Because data stores and applications describe these events so differently, it is very difficult to answer questions across them.

If any of the three dimensions – sensitivity, permissions, and activity – are missing, your security falls flat.

Say you only have the activity dimension and not the sensitivity or permissions dimensions.  You might be able to see what data has been taken after a breach, but you won’t know how sensitive that data was, who else was in a position to access it, or whether it’s been incorrectly exposed to everyone on the internet in the first place.

When it comes to data protection, each of these dimensions are needed to ensure robust security.
        

Related stories
Top stories
Story image
Cybersecurity
‘Windows shops’ target admin rights to de-risk their environments
New data shows up to 75% of critical vulnerabilities could be mitigated through a rights and privileges crackdown
Story image
IDC
Collaboration app market revenue grows 28.4% year-over-year
IDC has found that global revenues in the collaboration applications market grew 28.4% year-over-year in 2021 to $29.1 billion.
Story image
Facial recognition
Benefits vs risks of facial recognition technology
Once a distant, futuristic concept, facial recognition technology is now found in many technological applications with a variety of different functions. 
Story image
Cybersecurity
Study looks at gender dimensions of AU security sector
A new study will explore solutions to overcome pressing skills and diversity challenges in the Australian security sector.
Story image
Schneider Electric
Schneider Electric launches SM AirSeT in Australia
The new medium-voltage switchgear uses pure air and vacuum interruption, completely avoiding SF6 greenhouse gas.
Story image
Training
The Sydney Business School extends its SAS collaboration
The Sydney Business School at the University of Wollongong (UoW) has recently extended its collaboration with SAS in order to meet the growing demand for skilful business analytics professionals.
Story image
MarTech
CM Group recognised as Best Overall MarTech Company
MarTech Breakthrough has ranked CM Group as the Best Overall MarTech Company for the third year running and Cheetah Digital as Best Overall Marketing Campaign Management Solution.
Story image
Unified Communications
Gold Coast private hospital improves comms with Alcatel-Lucent Enterprise solutions
With further demands placed on health workers as a result of the pandemic, they need efficient and adaptable solutions that help them effectively serve their communities.
Story image
Mobiles
Demand grows for future-proof mobile access solutions
HID Global, in partnership with IFSEC Global, recently released the 2022 State of Physical Access Control report for the fourth year running.
Story image
Malware
Kaspersky uncovers new attacks by advanced persistent threat group
The attacks involved modifications of the well-known malware, DTrack, as well as the use of a brand-new Maui ransomware.
Story image
Artificial Intelligence
Gartner unveils key emerging tech to watch in 2022
"Such technologies present greater risks for deployment, but potentially greater benefits for early adopters," says Gartner.
Story image
consumers
Data protection: How SMEs can secure online consumers’ trust
Consumers believe how a company treats their data reflects how they treat their customers, according to a new survey.
Story image
Digital Transformation
Federated change is the best path to digital evolution
Businesses that can successfully manage the exponentially expanding masses of data produced by modern consumers will be the businesses that survive and prosper.
Story image
Cybersecurity
Education sector seeing highest volumes of cyber attacks
When breaking down the numbers to education attacks by region in July 2022, A/NZ was the most heavily attacked.
Story image
Biometrics
Can biometrics help? 123% increase in Gen Zs scammed online
In the three years leading up to 2022, the number of Gen Zs who fell victim to online scams rose by 123%, according to Ping Identity.
Story image
Data Protection
Safeguarding your financial data
As the digital revolution marches on, managing data security has never been more important. Here are five important steps to take toward better financial data security.
Story image
Digital Transformation
Top tips for making your finance transformation program a resounding success
Planning to make 2023 the year you embark on a wholesale finance transformation program? It’s a move that will stand your enterprise in excellent stead as you navigate the complexities of the post-Covid business landscape.
Story image
JLL
Investment in APAC cold storage to reach $5 in next decade
Investment in Asia Pacific’s cold storage market is expected to grow fivefold in the next decade, according to JLL.
Story image
Blockchain
Australian Grand Prix uses CENNZnet blockchain for fan experience
CENNZnet was employed by Power'd Digital to deliver the Formula 1 Heineken Australian Grand Prix's 2022 AusGP Access program.
Story image
Lucid Software
Lucid Software expands enterprise offerings with enhanced slack apps
Lucid Software has expanded its enterprise offerings with enhanced slack apps for its Lucidspark and Lucidchart technology.
Story image
Cloud Security
Tenable makes additions to Cloud Security portfolio
Tenable has announced additions to Tenable Cloud Security that represent the next step in assessing threats related to cloud vulnerabilities.
Story image
Data analytics
Pressure on orgs to up their data analytics game - study
A recent report from Sisense highlights data transmission, analysis, and risk management remain top concerns for data professionals in APAC.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Artificial Intelligence
Appier achieves historically high growth rate of 56% YoY
"Our strong momentum over the past two quarters underscores Appier's significant growth alongside our customers."
Story image
Tech job moves
Tech job moves - Fastly, INX, Kinly, SmartBear & Vectra AI
We round up all job appointments from July 29 - August 12, 2022, in one place to keep you updated with the latest from across the tech industries.
Wiise
Discover why a localised cloud ERP is the way to go for Australian businesses.
Link image
Story image
Email scams
HelpSystems shines light on impact of response-based threats
Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41% of all email-based scams.
Story image
Collaboration
Lacework launches new capabilities for better threat detection
Lacework has announced new capabilities that enable organisations to uncover more critical threats to their infrastructure and empower teams.
Story image
Data
Workday research finds A/NZ organisations becoming leaders in digital agility
New research from Workday and IDC has revealed that Australia and New Zealand are becoming leaders in digital agility.
Story image
Low-code
Video: 10 Minute IT Jams - An update from Mendix
Mendix is a low-code platform used by businesses to develop mobile and web apps at scale, and Jornt joins us today to discuss how these offerings work, and what benefit they have in the development process.
Story image
Ransomware
Sophos reveals latest ransomware trend impacting orgs
Sophos has announced in a new whitepaper that Hive, LockBit and BlackCat, three prominent ransomware gangs, consecutively attacked the same network.
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
Story image
Artificial Intelligence
Concentric AI protects sensitive data with new capabilities
The new capability reveals sensitive data shared across email and business messaging platforms and highlights who has inappropriate access to content.
Story image
Artificial Intelligence
Is your chatbot bringing down the customer satisfaction score?
The top 10 reasons why chatbots are failing to meet customer expectations and what you must do to avoid that.
Story image
Data Protection
Advancing genomic sequencing and public health with digital infrastructures
Right before our eyes, we've witnessed the development of the COVID-19 vaccine in record time. An enormous achievement in an otherwise lengthy task that previously took, on average, 10-15 years.
Story image
Contact Centre
Treasure Data launches new customer experience functionality
Treasure Data has introduced a new strategic vision and product positioning for Customer Data Cloud, reflecting the company's focus.
Story image
DevOps
Dynatrace extends application security capabilities for runtime environments
Dynatrace has announced that it has extended its Application Security Module to detect and protect against vulnerabilities in runtime environments.
Story image
Augmented Reality
TeamViewer remote access software integrated into RealWear Cloud
TeamViewer has announced a major expansion of its partnership with RealWear, a leading provider of assisted reality wearable solutions for frontline industrial workers. 
Story image
University of Melbourne
The University of Melbourne implements data ecosystem with Talend
Talend has announced that The University of Melbourne (UoM) has selected Talend Data Fabric for its cloud data platform.
Story image
Digital Transformation
Why it is imperative to keep up with technology advancements
Technology is constantly evolving, which is why digital transformations can often be complicated. What legacy items stay? Will the new and old work together? Or is there a whole new system that we need to introduce?
Story image
Australian Defence Force
Cloudera and ADF partner for e-health management system
The Australian Defence Force (ADF) has selected Cloudera as a strategic data partner to help transform its e-health management system.
Story image
Microsoft
Avast reveals zero-day exploits targeting Chrome and Microsoft
Avast, released its Q2/2022 Threat Report today, revealing a significant increase in global ransomware attacks, up 24% from Q1/2022.
Story image
Customer experience
Scope Australia selects NICE CXone platform to streamline operations
One of Australia’s largest providers of disability support services, has chosen the NICE CXone platform to help streamline its contact centre operations.