13 Apr
6 steps to getting your data in shape
Unstructured data is all around us. Strictly speaking, unstructured data is any data that does not have a specific schema or model defining how it is stored and delivered. Recent estimates state that 70-80% of all organizational data is unstructured. While this revelation has created many opportunities in the field of data analytics, it has also shed some more light on a cybersecurity nightmare known as data security. When it comes down to data security, it is definitely non-trivial to get your act together. By following the steps we’ve laid out below, however, you will be able to get a better handle on your data. Read on for some tips on understanding where critical data resides, and then adding structure to the chaos that is unstructured data in order to better monitor for and detect data security events.
Starting out – figure out where your data resides
First things first; you can’t secure that which you can’t find. If you have terabytes (or more) of unstructured data in your environment, you need to understand which data is critical – and where that critical data resides. Take stock of any network accessed files or databases, as well as the applications that use or create the data in those stores. Implementing data security controls requires knowledge of your file systems and shares, as well as how they are accessed. In order to lay down a proper foundation for data security, you need to understand where your data lives.
Knowing where your data resides is great. The key to managing your data in a secure manner, however, is to ensure that you are taking proper care of it. For instance, you should check that you do not have data duplication, ensure that any retention policies are being adhered to (and that data is deleted after retention is up), and keep track of files that are rarely used. The cleaner your file systems stay, the easier they are to protect.
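The three hygiene checks above (duplicates, retention, rarely used files) can be run as one pass over a share. This is an added example, not part of the original article; the file names, the 365-day retention period and the 180-day "rarely used" threshold are constructed, and retention is assumed to run from the last modification time.

```python
import hashlib
import os
import tempfile
import time
from collections import defaultdict

DAY = 86400  # seconds

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, retention_days, stale_days, now=None):
    """Report duplicate, past-retention and rarely used files under root."""
    now = now or time.time()
    by_size, expired, stale = defaultdict(list), [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)  # stat first: hashing reads the file and may bump atime
            by_size[st.st_size].append(path)
            if now - st.st_mtime > retention_days * DAY:  # assumption: retention runs from mtime
                expired.append(os.path.relpath(path, root))
            elif now - st.st_atime > stale_days * DAY:
                stale.append(os.path.relpath(path, root))
    by_hash = defaultdict(list)
    for paths in (p for p in by_size.values() if len(p) > 1):  # hash only files sharing a size
        for path in paths:
            by_hash[sha256_file(path)].append(os.path.relpath(path, root))
    dupes = sorted(sorted(g) for g in by_hash.values() if len(g) > 1)
    return {"duplicates": dupes, "expired": sorted(expired), "stale": sorted(stale)}

def demo():  # scan a constructed sample share built in a temporary directory
    now = time.time()
    samples = [  # (name, content, days since modified, days since accessed)
        ("budget_v1.xlsx", b"Q1 budget", 10, 5),
        ("copy of budget.xlsx", b"Q1 budget", 10, 5),
        ("old_contract.pdf", b"contract 2019", 800, 800),
        ("archive_notes.txt", b"notes", 200, 200),
    ]
    with tempfile.TemporaryDirectory() as root:
        for name, data, m_age, a_age in samples:
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            os.utime(path, (now - a_age * DAY, now - m_age * DAY))
        return scan(root, retention_days=365, stale_days=180, now=now)
```

On volumes mounted with `noatime` or `relatime`, access times are frozen or coarse, so treat the "stale" list as a hint to confirm with the data owner.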
Classify your data
Once you know where your data resides, you need to figure out what type of data it is. Classification of data allows you to quantify sensitivity and thereby provide a basis on which your data security controls can provide protection. Data classification means declaring a level of criticality, and therefore sensitivity, as well as noting which types of activities (such as R&D, finance, etc.) leverage said data. Once your data is classified, your data security controls can do a much better job of monitoring and protecting your organization’s precious data assets.
Figure out where your risk lies
Now that you understand where your data is, how it’s used, and how sensitive it is, you can discern where the most risk resides. By figuring out your data’s purpose, and therefore the sensitivity and criticality of the data, you can determine which threats might affect said data. Understanding the threat landscape, probability of compromise, and asset value or criticality then helps you determine risk. Once you understand how risky your environment is for your data, you can start prioritizing access controls to help bolster your data security. Create a risk matrix or heat map to illustrate where your organization faces the most risk, so that you can sell executives and/or the Board on requisite access controls. Remember: knowing is half the battle!
Fill in the blanks: _________ has access to ________ data
Now that you know where your critical data resides, the threats to that data, and their associated risk scores, you can check out your access lists to see who has permissions to view, modify, or delete data. Data security requires that you understand who can access your data, as well as who should have access to your data. Check data permissions to determine if they are created based on office location, job function, or some other fancy access control schema. Determine if access is granted in a controlled manner, or if there are many single users granted permissions. Audit your directory as well; sometimes users move to a new group or leave the company, yet retain access to files that they no longer should. Knowing who can read, modify, or delete data – as well as who should be able to – will help you when it comes down to the next step: controlling access.
Watch your RBAC
Role-based access control, or RBAC, is key when it comes to controlling access to your data (or any other assets, really). RBAC helps you enhance your data security posture by adding an authorization component to data access. Even though a user may be authenticated to your network, they may not be authorized to view some critical data. Create role-based groups in your directory structure and assign permissions to those groups on an as-needed basis. Ensuring that only authorized users are able to read, modify, or delete data will help you provide optimal data security. RBAC also provides a mechanism for monitoring user behaviour and their data access activities.
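The access review from the previous section and the role-group model described here can be checked together by expanding group grants to individual users and comparing the result with the roles the data owner approved. This is an added example, not part of the original article; every user, group and share name below is constructed.

```python
# Constructed sample data standing in for a directory export and an ACL dump.
USERS = {"alice": "active", "bob": "active", "carol": "disabled", "dave": "active"}
GROUPS = {
    "finance-rw": {"alice", "carol"},
    "rnd-ro": {"bob"},
    "all-staff": {"alice", "bob", "dave"},
}
ACLS = [  # (resource, principal, rights)
    ("//fs01/finance", "finance-rw", {"read", "modify", "delete"}),
    ("//fs01/finance", "dave", {"read"}),        # single-user grant
    ("//fs01/finance", "all-staff", {"read"}),   # broad group on sensitive data
    ("//fs01/rnd", "rnd-ro", {"read"}),
]
# Who *should* have access: resource -> role groups approved by the data owner.
APPROVED = {"//fs01/finance": {"finance-rw"}, "//fs01/rnd": {"rnd-ro"}}

def effective_access(acls, groups):
    """Expand group grants: resource -> user -> union of rights."""
    eff = {}
    for resource, principal, rights in acls:
        for user in groups.get(principal, {principal}):
            eff.setdefault(resource, {}).setdefault(user, set()).update(rights)
    return eff

def audit(acls, groups, users, approved):
    """Compare who can access each resource with who should."""
    findings = []
    for resource, principal, _rights in acls:
        if principal not in groups:
            findings.append(("direct-user-grant", resource, principal))
        elif principal not in approved.get(resource, set()):
            findings.append(("unapproved-group", resource, principal))
    for resource, per_user in effective_access(acls, groups).items():
        should = set().union(*(groups[g] for g in approved.get(resource, ())))
        for user in sorted(per_user):
            if users.get(user) != "active":      # left the company or disabled
                findings.append(("inactive-account", resource, user))
            elif user not in should:             # reachable, but not via an approved role
                findings.append(("excess-access", resource, user))
    return findings
```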
When it comes down to enhancing data security, knowledge is power. Performing the above steps will help you compile the key information about your data, thereby adding some structure to your unstructured data. Once you have the requisite knowledge, you will be better prepared to monitor your data’s integrity and access control. You can next leverage tools such as UBA solutions or DLP sensors to monitor your data as it flows through your network and your users’ systems. Data that has been classified should show up in bright lights if your sensors are configured correctly. When you know which users or groups are supposed to access critical data, you can then create a whitelist that will monitor but not alert on normal data access. Also, leverage these tools to make sure that you are able to see not only network transfers, but transfers from workstations to external devices as well. Once you have reached this step, you are much less likely to wake up sweating at 2:00 am screaming about data loss.
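The "monitor but do not alert" whitelist can be expressed as a triage rule over access events: every touch of classified data is recorded, and only events outside a role's normal actions raise an alert. This is an added example, not part of the original article or of any UBA or DLP product; the log format, labels, groups and action names (including `usb_copy` for a transfer to an external device) are constructed.

```python
# Constructed policy: path prefix -> classification label.
LABELS = {"/shares/finance/": "confidential", "/shares/rnd/": "restricted"}
GROUPS = {"finance-rw": {"alice"}, "rnd-ro": {"bob"}}
# Whitelist: label -> role group -> actions considered normal for that role.
ALLOW = {
    "confidential": {"finance-rw": {"read", "modify", "net_copy"}},
    "restricted": {"rnd-ro": {"read"}},
}
# Constructed sample events (format: timestamp key=value ..., no spaces in values).
LOG = """\
2024-05-02T09:01:11Z user=alice action=read path=/shares/finance/q1.xlsx
2024-05-02T09:03:40Z user=bob action=read path=/shares/finance/q1.xlsx
2024-05-02T09:07:02Z user=alice action=usb_copy path=/shares/finance/q1.xlsx
2024-05-02T09:09:15Z user=bob action=read path=/shares/rnd/design.docx
2024-05-02T09:12:30Z user=dave action=read path=/shares/public/menu.pdf
"""

def parse(line):
    ts, *fields = line.split()
    return {"ts": ts, **dict(f.split("=", 1) for f in fields)}

def classify(path):
    return next((lbl for prefix, lbl in LABELS.items() if path.startswith(prefix)), None)

def triage(log):
    """Return (verdict, user, action, label) for every event on classified data."""
    results = []
    for line in log.splitlines():
        ev = parse(line)
        label = classify(ev["path"])
        if label is None:
            continue  # unclassified data is out of scope for this rule
        normal = any(
            ev["user"] in GROUPS[group] and ev["action"] in actions
            for group, actions in ALLOW[label].items()
        )
        # Whitelisted activity is still recorded ("monitor"); anything else alerts.
        results.append(("monitor" if normal else "alert", ev["user"], ev["action"], label))
    return results
```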