The Endpoint has Disappeared – Follow Your Data Everywhere
by Tzach Kaufman
Where is your data? Who can access it? How are you protecting it?
For most organizations, cloud migration is a when, not an if. What that means, though, is you are assigning someone else the complete responsibility for protecting your data. Whether you are using SharePoint 365, Amazon, or another cloud provider, remember they will only do so much. You may add third-party SaaS solutions via your cloud provider’s partner channel, but very few systems out there can protect against every single brute-force attack and/or every onsite system administrator who decides he wants to see what data he can sell from that server in the back corner of the farm, away from the security cameras.
And don’t forget the sharing of files among users across their devices. What if a cloud-shared file suddenly ends up on an employee’s home computer? Your data governance policies need to travel with the files to ensure managed access. If the person leaves the company, you also need to have a policy “kill switch” in place to ensure that you can automatically shut off file access.
And that’s just day-to-day use of your data.
What happens with your back-up systems? Your contingency systems? Your mirror sites? Are you investing in the same kind of security infrastructure that you do for your main daily usage data storage site? Really, though, isn’t the data identical?
No matter what, you need to add an additional layer of protection. Encryption and its related data governance classification and rules are critical to protecting information not only daily, but also as part of the back-up system so you maintain protection during disasters.
For complete control and security, you need to extend the perimeter to email, cloud, mobile, and every back-up and contingency environment.
No matter where your data is or where it’s going, you need to sync your security with data governance. You need to have policies in place that determine the who, what, when, where, and how of access, with a complete focus on data-centric security. By data-centric security, we mean the ability to protect the information itself, not just the files but also the granular information within the files, be it a paragraph in a legal document or even a single credit card number.
Each piece of information needs to be “wrapped” so that the actual data protection and policies travel with it throughout its useful lifetime – which means that you need to be able to control when the policies expire so you aren’t still spending high-cost storage space protecting the plans for your “latest” design 20 years from now.
Don’t forget the endpoint is a myth. Only in a world without email, the internet, flash drives, external storage devices, mobile devices, tablets, and laptops can data be fully secure within a single network. Make sure your protection applies always and everywhere.
Tzach Kaufman is the CTO and founder of Covertix.