By 2020, Gartner, Inc. predicts “connected things” worldwide will reach 20.4 billion, and EMC anticipates the digital universe, or the data we create and copy annually, will hit 44 trillion gigabytes (or 44 zettabytes).
With this deluge of data comes the challenge of figuring out how to protect and secure it all. At the Aug. 10 Data Connectors Tech-Security Conference in Washington, D.C., vendor presentations not only showcased a product and its capabilities, but they also explained why both industry and government need to adopt more advanced ways of protecting networks. They centered on a few common themes:
Achieving Security Compliances
The National Institute of Standards and Technology’s Special Publication 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” mandates the protection of contractor information systems for federal agencies. Gurpreet Manes, vice president of technology for Axiad Identity Solutions, talked about complying with NIST quickly and cost effectively, especially as a compliance deadline nears at the end of 2017 (nonconforming contracts with the federal government could be at risk).
The requirement calls for more secure multifactor authentication and privileged access management, a collection of processes and tools giving an organization visibility and control over who accesses privileged systems and what they are doing on those systems. According to Manes, the essential parts for this compliance are ensuring the identify of the person trying to gain access, guaranteeing this person can’t get more access or rights than allowed, and once that person is in, tracing the actions.
In one case study with a large government system contractor, the solution meant removing password and username vulnerability and using derived credential on mobile devices. Ultimately, this increased security, reduced risk and provided strong MFA.
According to Elton Juter, a regional sales director with Druva, only 42 percent of companies report being able to fully recover data after an attack, with attacker motives ranging from money to disruption. Druva emphasizes the need to protect, manage and preserve endpoint, cloud application and server data while using public and private clouds.
However, today’s tech environment faces various challenges from ransomware attacks hitting servers and an increase in data regulations, to data existing outside corporate firewalls and a lack of protected and backed-up cloud applications. Also, legacy data protection models can’t keep up.
Juter’s three-pronged approach to recovery includes internal awareness, prevention and recoverability. He said turning to cloud backup leads to stronger ransomware recovery and cuts the complexity of data protection by using a single data management platform.
Because of the evolving landscape of endpoints, it’s crucial to make sure every endpoint behaves accordingly. John Heintz, a director of partners and solutions engineering for Observable Networks (recently acquired by Cisco), talked about the importance of IT security with endpoint modeling. Observable Networks, for example, can watch traffic and detect problems of potential data exfiltration. Moving to serverless computer architectures like secure public clouds still requires proper tracking and monitoring, and knowing endpoint behavior gives an organization an advantage over attackers.
Disaster Recovery Plan
Tony DeMaria, an account executive with Carbonite, said the most prominent risk factor for data loss are man-made disasters, followed by technology failures and security incidents. So, it’s important to implement a strong recovery plan with the proper data protection services. According to DeMaria, this means only a solution designed for backup will keep data accessible and organizations need the right tools to recover data. Any solution that takes away from key initiatives hurts productivity. Backing up a copy of data to the cloud with the ability to choose systems to protect, manage backup policies and status-monitoring capabilities can help.
Having strong disaster recovery plans and solutions helps drive true IT resilience, according to Jeff Cochran, an account executive with Zerto. Disruptions are becoming the norm, so it's vital organizations can withstand them. IT resiliency means being focused on continuous availability, having a limited downtime through preventative measures and rapid response, choosing investments driven by the need to serve customers, concentrating on all likely disruptions and emphasizing continuous improvement.
According to a 2017 Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches leveraged stolen or weak passwords. This access is essentially “keys to the kingdom.” Sam Elliott, director of security product management for Bomgar, presented the six steps to securing access for privileged insiders and vendors: secure vendor access, secure insider access, remove risk of shared passwords, rotate and randomize privileged credentials, secure service accounts, and remove threat target with app-to-app security.
The above themes are just a few of the many ways organizations should be preparing for the future of data and connected devices, with services and best practices like these that are available sectorwide.