Where is your data located?
This is a very simple question, but many organizations fail to answer it with 100% certainty. Whether it’s in your virtualized hosting, in databases, in SaaS-based file shares, or in your admin’s local drive, it is absolutely important to know the exact location of your data.
Without this information, you are not protected against attacks or data breach!
Who has access to your data?
Great, now that we know where the data is located, the next step would be to understand who has access to this data. This could be direct access by admin, an API, applications, or unauthorized access from unknown sources. Remember, applications are your front line to access the data, perhaps hosted in the back end database!
It is crucial to know who, and with what authorization level, has access to which data in your organization and for what duration of time!
Is it protected, and how well it is protected?
We know where our data is located and who has access to it. Now it’s time to protect it. So the question comes up, what is the value of the data, to prioritize the protection mechanism accordingly?
The value of data, in this case, could be driven by its financial value to the business, or the damage caused to the business if it’s been breached by unauthorized access, irrespective of the motives behind this unauthorized access. Is it intellectual property, or could it cause regulatory issues and fines as a consequence if it’s been breached? Would it cause brand damage and public embarrassment, and of course, financial damage if it’s been breached and announced?
Data protection methods could be different depending on the location of the data and depending on whether it’s hosted in the cloud, endpoints, virtualized servers, databases, file shares, or in datacentres. Irrespective of the location of the data and its protection mechanism, it is important to know which data is protected by whom, or what control, and how effective the controls are, in protecting the data. You might have a proxy, Web Application Firewall, Network Firewall, and Endpoint protection systems, but how effective are they in protecting against threats, and how much of your risks have been mitigated by these controls?
CyberDNA is a human/data-centric security company and can help you in discovering your data, managing access to it, and protecting it from threats. We believe together we can uplift your organization’s security posture and minimize the risks. Contact us to receive more information and plan together for your data protection.