Data breaches are all over the news, and organizations are acutely aware that even if they have achieved PCI compliance or SOX compliance, new compliance regulations like the GDPR demand more stringent data security controls. To help you improve your security and compliance posture, we have put together a list of the top 12 data security solutions for protecting sensitive data and passing audits.
#1. Data Discovery and Classification
In order to protect your data effectively, you need to know exactly what sensitive information you have. A data discovery and classification solution will scan your data repositories for the types of data you consider important, based on industry standards or your custom requirements (such as PCI DSS data, GDPR data and IP), sort it into categories and clearly label it with a digital signature denoting its classification. You can use those labels to focus your data security resources and implement controls that protect data in accordance with its value to the organization. If data is modified, its classification can be updated. However, controls should be in place to prevent users from falsifying the classification level; for example, only authorized users should be able to downgrade the classification of data.
Tools like Netwrix Data Classification make data discovery and classification easier and more accurate.
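To make the scan-and-label step concrete, here is an added example (not Netwrix code and not from the original article) of the two pieces a classification pass needs: pattern matching with a validity check so that not every 16-digit number is flagged as a card number, and a relabelling check that lets anyone raise a classification but lets only an authorized role lower it. The classification levels, labels and the "classification-admin" role are assumptions for this example; the sample strings are constructed.

```python
import re

# Assumed four-level scheme; higher rank means more sensitive.
CLASSIFICATION_RANK = {"Public": 0, "Internal": 1, "Confidential": 2, "Restricted": 3}

# Candidate primary account numbers: 13 to 19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Crude personal-data marker for the example: an e-mail address.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")


def luhn_valid(digits: str) -> bool:
    """Luhn check digit test; card numbers pass it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return the digit strings in `text` that look like card numbers and pass Luhn."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def classify(text: str):
    """Sort content into a level plus the regulatory labels that drove the decision."""
    labels = set()
    if find_pans(text):
        labels.add("PCI-DSS")
    if EMAIL_RE.search(text):
        labels.add("GDPR")
    if "PCI-DSS" in labels:
        level = "Restricted"
    elif labels:
        level = "Confidential"
    else:
        level = "Internal"
    return level, sorted(labels)


def relabel(current: str, proposed: str, actor_roles: set) -> str:
    """Anyone may raise a classification; only a classification admin may lower one."""
    if (CLASSIFICATION_RANK[proposed] < CLASSIFICATION_RANK[current]
            and "classification-admin" not in actor_roles):
        raise PermissionError("only classification admins may downgrade a label")
    return proposed


if __name__ == "__main__":
    # Constructed sample content.
    for sample in ("Card: 4111 1111 1111 1111", "Ref 1234 5678 9012 3456", "Contact alice@example.com"):
        print(sample, "->", classify(sample))
```

The Luhn test is the kind of validity check that turns a noisy discovery scan into one whose labels you can act on; without it, invoice numbers and timestamps get tagged as card data and the classification loses credibility.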
#2. Firewall
A firewall is one of the first lines of defense for a network because it isolates one network from another and keeps undesirable traffic from entering. By opening only the ports a service actually needs, you give attackers less room to maneuver to get in or to move your data out. Depending on the organization's firewall policy, the firewall might block some or all traffic outright, or it might inspect some or all of the traffic before deciding.
Firewalls can be standalone systems or included in other infrastructure devices, such as routers or servers. You can find both hardware and software firewall solutions.
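The "open only certain ports" idea comes down to a rule list evaluated in order with a default verdict for anything that matches nothing. The following added example (illustrative code, not from the article or any firewall product) models that evaluation so the difference between a default-deny and a default-allow policy is visible; the rule set, address ranges and port numbers are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None matches any destination port


def rule_matches(rule: Rule, proto: str, src_ip: str, dst_port: int) -> bool:
    return (
        rule.proto in ("any", proto)
        and ip_address(src_ip) in ip_network(rule.src)
        and rule.dst_port in (None, dst_port)
    )


def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_port: int,
             default: str = "deny") -> str:
    """First matching rule wins; traffic that matches no rule gets the default verdict."""
    for rule in rules:
        if rule_matches(rule, proto, src_ip, dst_port):
            return rule.action
    return default


# Constructed inbound policy for an internet-facing host: HTTPS is open to everyone,
# SSH only from the admin network, and everything else falls through to the default.
INBOUND_POLICY = [
    Rule("allow", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "203.0.113.0/24", 22),
]


def explain(rules: List[Rule], proto: str, src_ip: str, dst_port: int, default: str = "deny") -> str:
    return f"{proto}/{dst_port} from {src_ip}: {evaluate(rules, proto, src_ip, dst_port, default)}"


if __name__ == "__main__":
    for probe in (("tcp", "198.51.100.7", 443), ("tcp", "198.51.100.7", 22),
                  ("tcp", "203.0.113.5", 22), ("udp", "203.0.113.5", 443)):
        print(explain(INBOUND_POLICY, *probe))
    # Same rules, default-allow: the unlisted RDP port is now reachable from anywhere.
    print(explain(INBOUND_POLICY, "tcp", "198.51.100.7", 3389, default="allow"))
```

The last line is the point of the example: with an identical rule list, switching the default from deny to allow exposes every service nobody thought to write a rule for.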
#3. Backup and Recovery
A backup and recovery solution helps organizations protect themselves in case data is deleted or destroyed. All critical business assets should be duplicated periodically to provide redundancy so that if there is a server failure, accidental deletion or malicious damage from ransomware or other attacks, you can restore your data quickly.
#4. Antivirus
Antivirus software is one of the most widely adopted security tools for both personal and commercial use. There are many different antivirus vendors in the market, but they all use largely the same techniques to detect malicious code, namely signatures and heuristics. Antivirus solutions help to detect and remove trojans, rootkits and viruses that can steal, modify or damage your sensitive data.
#5. Intrusion Detection and Prevention Systems (IDS/IPS)
Traditional intrusion detection systems (IDS) and intrusion prevention systems (IPS) perform deep packet inspection on network traffic and log potentially malicious activity. An IDS can be configured to evaluate system event logs, watch for suspicious network activity and issue alerts about sessions that appear to violate security policy. An IPS offers the same detection capabilities and can also terminate sessions deemed malicious, but automatic blocking is usually limited to crude and obvious attacks such as DDoS. There is almost always an analytical step between alert and action: security admins assess whether the alert is a real threat, whether the threat is relevant to them, and whether there is anything they can do about it. IPS and IDS are a great help with data protection because they can stop an attacker from reaching your file servers with exploits and malware, but these solutions require careful tuning and analysis before a session-drop decision is made on an incoming alert.
#6. Security Information and Event Management (SIEM)
Security information and event management (SIEM) solutions provide real-time analysis of security logs recorded by network devices, servers and software applications. SIEM solutions not only aggregate and correlate incoming events but also deduplicate them, collapsing multiple reports of the same occurrence into one, and then act according to alert and trigger criteria. They usually also provide an analytics toolkit that helps you narrow the stream to only the events you currently need, such as those related to data security. SIEM solutions are vital for data security investigations.
#7. Data Loss Prevention (DLP)
Data loss prevention systems monitor workstations, servers and networks to make sure that sensitive data is not deleted, removed, moved or copied. They also monitor who is using and transmitting data to spot unauthorized use.
#8. Access Control
In most cases, users should not be allowed to copy or store sensitive data locally; instead, they should be forced to manipulate the data remotely. Moreover, sensitive data should ideally never be stored on a portable system of any kind. All systems should require a login of some kind, and should have conditions set to lock the system if questionable usage occurs.
In addition, sensitive files should be accessed only by authorized personnel. User permissions should be granted in strict accordance with the principle of least privilege. An access control list (ACL) specifies who can access what resource and at what level. It can be an internal part of an operating system or application. ACLs can be based on whitelists or blacklists. A whitelist is a list of items that are allowed; a blacklist lists things that are prohibited. In the file management process, whitelist ACLs are used more commonly, and they are configured at the file system level. For example, in Microsoft Windows, you can configure NTFS permissions and create NTFS access control lists from them. You can find more information about how to properly configure NTFS permissions in this list of NTFS permissions management best practices. Remember that access controls should be implemented in every application that has role-based access control (RBAC); examples include Active Directory groups and delegation.
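The whitelist-versus-blacklist distinction, and the NTFS convention that an explicit deny entry wins over any allow, are easy to get wrong in application code, so here is an added example (illustrative, not from the article or from Windows) of both evaluation models side by side. Principals, permissions and the two ACLs are constructed for the example; the deny-overrides-allow rule is modelled on NTFS behaviour but the classes are not an NTFS implementation.

```python
from enum import Flag, auto


class Perm(Flag):
    READ = auto()
    WRITE = auto()
    DELETE = auto()


class WhitelistAcl:
    """Default deny: a right exists only if some entry grants it to one of the caller's principals.
    Explicit deny entries override grants, as NTFS does."""

    def __init__(self, allow: dict, deny: dict = None):
        self.allow = allow          # {principal: Perm granted}
        self.deny = deny or {}      # {principal: Perm explicitly refused}

    def allowed(self, principals: list, perm: Perm) -> bool:
        for p in principals:
            if perm in self.deny.get(p, Perm(0)):
                return False
        granted = Perm(0)
        for p in principals:
            granted |= self.allow.get(p, Perm(0))
        return perm in granted


class BlacklistAcl:
    """Default allow: everything is permitted unless an entry explicitly refuses it."""

    def __init__(self, deny: dict):
        self.deny = deny

    def allowed(self, principals: list, perm: Perm) -> bool:
        return not any(perm in self.deny.get(p, Perm(0)) for p in principals)


# Constructed ACLs for a finance share. A user's principals are their account plus group memberships.
FINANCE_WHITELIST = WhitelistAcl(
    allow={"group:finance": Perm.READ | Perm.WRITE, "alice": Perm.READ},
    deny={"bob": Perm.WRITE},       # bob is in finance but has been explicitly denied write
)
FINANCE_BLACKLIST = BlacklistAcl(deny={"contractor": Perm.DELETE})


def report(acl, principals: list) -> dict:
    """Effective rights for a set of principals, useful when auditing who can do what."""
    return {perm.name: acl.allowed(principals, perm) for perm in Perm}


if __name__ == "__main__":
    print("alice (whitelist):     ", report(FINANCE_WHITELIST, ["alice", "group:everyone"]))
    print("bob (whitelist):       ", report(FINANCE_WHITELIST, ["bob", "group:finance"]))
    print("contractor (whitelist):", report(FINANCE_WHITELIST, ["contractor"]))
    print("contractor (blacklist):", report(FINANCE_BLACKLIST, ["contractor"]))
```

The contractor line shows why whitelists are preferred for file permissions: under the blacklist model a new principal nobody has heard of can read the share until someone remembers to add a deny entry, while under the whitelist model they have nothing until a grant is made, which is least privilege by construction.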
#9. Cloud Security Solutions
Individuals and enterprises tend to collect and store more and more data. This has led to direct-attached storage (DAS), network-attached storage (NAS), storage area networks (SAN) and now cloud storage. Cloud storage lets you keep growing your data while your provider, rather than your local administrators, worries about scaling.
Despite these benefits, from a security standpoint, cloud storage can be troublesome. You need to be sure the cloud provider can adequately protect your data, as well as make sure you have proper redundancy, disaster recovery, and so on. Make sure that you encrypt the data, back it up, and implement as much control as possible.
You can get help from cloud security providers that sell security as a service (SECaaS), a subscription-based model in which a large service provider integrates its security services into a corporate infrastructure and makes them available on a subscription basis. No on-premises hardware is needed by the subscriber, and the services offered can include authentication, antivirus, antimalware/spyware and intrusion detection. In this way, SECaaS can serve as a buffer against many online threats.
#10. Change Management and Auditing
To protect your sensitive information properly, you also need to audit changes in your systems and attempts to access critical data. For example, any account that exceeds the maximum number of failed login attempts should automatically be reported to the information security administrator for investigation. Being able to spot changes to sensitive information and its associated permissions is critical. By using historical information to understand how sensitive data is being used, who is using it and where it is going, you can build effective and accurate policies the first time and anticipate how changes in your environment might affect security. This process can also help you identify previously unknown risks. Third-party tools such as Netwrix Auditor simplify change management and auditing of user activity.
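Both the SIEM section (#6) and this one describe the same pipeline: collect events, drop duplicates, correlate across hosts, and raise an alert when a rule such as "too many failed logins for one account" or "permissions changed on a sensitive path" fires. The following added example (illustrative code, not from the article, Netwrix Auditor or any SIEM product) runs that pipeline over a handful of constructed log lines; the log format, the field names, the threshold of five failures per minute and the sensitive path are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log excerpt. The second line is an exact duplicate of the first, as happens
# when a device forwards the same event twice; one of bob's failures comes from a second host.
SAMPLE_LOG = r"""
2024-05-01T10:00:01Z host=fs01 event=login_failed user=bob src=10.1.2.3
2024-05-01T10:00:01Z host=fs01 event=login_failed user=bob src=10.1.2.3
2024-05-01T10:00:04Z host=fs01 event=login_failed user=bob src=10.1.2.3
2024-05-01T10:00:09Z host=fs02 event=login_failed user=bob src=10.1.2.3
2024-05-01T10:00:12Z host=fs01 event=login_failed user=bob src=10.1.2.3
2024-05-01T10:00:15Z host=fs01 event=login_failed user=bob src=10.1.2.3
2024-05-01T10:00:20Z host=fs01 event=login_ok user=alice src=10.1.2.9
2024-05-01T10:00:30Z host=fs01 event=acl_changed user=alice path=\\fs01\finance\payroll.xlsx
2024-05-01T10:30:00Z host=fs01 event=login_failed user=carol src=10.1.2.4
"""


def parse(line: str) -> dict:
    """Turn 'timestamp key=value ...' into a dict with a real datetime."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for item in fields:
        key, _, value = item.partition("=")
        event[key] = value
    return event


def deduplicate(events) -> list:
    """Drop exact repeats so one occurrence is counted once, whatever the forwarding path did."""
    seen, unique = set(), []
    for e in events:
        key = tuple(sorted(e.items()))
        if key not in seen:
            seen.add(key)
            unique.append(e)
    return unique


def failed_login_alerts(events: list, threshold: int = 5, window: timedelta = timedelta(minutes=1)) -> list:
    """Accounts with at least `threshold` failed logins inside any `window`, counted across all hosts."""
    by_user = defaultdict(list)
    for e in events:
        if e.get("event") == "login_failed":
            by_user[e["user"]].append(e)
    alerts = []
    for user, fails in by_user.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):                       # sliding window over sorted failures
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"user": user, "count": end - start + 1,
                               "hosts": sorted({f["host"] for f in fails[start:end + 1]}),
                               "first": fails[start]["ts"], "last": fails[end]["ts"]})
                break
    return alerts


def sensitive_permission_changes(events: list, sensitive_prefix: str) -> list:
    """Permission changes under a path you have classified as sensitive."""
    return [e for e in events
            if e.get("event") == "acl_changed" and e.get("path", "").startswith(sensitive_prefix)]


def run(log_text: str = SAMPLE_LOG, sensitive_prefix: str = r"\\fs01\finance"):
    events = deduplicate(parse(line) for line in log_text.splitlines() if line.strip())
    return events, failed_login_alerts(events), sensitive_permission_changes(events, sensitive_prefix)


if __name__ == "__main__":
    events, alerts, changes = run()
    print(f"{len(events)} unique events")
    for a in alerts:
        print(f"ALERT {a['user']}: {a['count']} failed logins on {a['hosts']} between {a['first']} and {a['last']}")
    for c in changes:
        print(f"REVIEW permissions changed by {c['user']} on {c['path']} at {c['ts']}")
```

Two details carry the lesson. Without deduplication bob would be credited with six failures instead of five, so a threshold tuned against clean data would fire early on noisy data; and counting per account rather than per host is what catches the attempt spread across fs01 and fs02, which either host on its own would have under-reported.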
#11. Data Encryption
Data encryption is very important when you have top secret files that you do not want to be read even if they are stolen. Network sniffing and other attacks aimed at stealing information are so common that passwords, credit card numbers and other sensitive information can be stolen over unencrypted protocols. Encrypted communication protocols provide a solution to this lack of privacy. For example, without Secure Sockets Layer (SSL) encryption (since superseded by TLS), credit card transactions at popular websites would be either very inconvenient or insecure.
Although private data can be protected by cryptographic algorithms, encryption can also be used by attackers. Expensive network intrusion detection systems designed to sniff traffic for attack signatures are blind to an attacker using an encrypted channel, and the encrypted web access provided for customer security is often used by attackers precisely because it is difficult to monitor. That is a monitoring problem to solve, not a reason to leave your own data in the clear: all critical data should be encrypted both at rest and in transit over the network.
Portable systems should also use encrypted disk solutions if they will hold important data of any kind. For desktop systems that store critical or proprietary information, encrypting the hard drives will help avoid the loss of critical information. In addition to software-based encryption, hardware-based encryption can be applied. Within the advanced settings of some BIOS configuration menus, you can enable or disable a Trusted Platform Module (TPM), a chip that can store cryptographic keys, passwords or certificates. A TPM can assist with key generation and help protect smartphones and other devices in addition to PCs.
#12. Physical Security
Physical security is often overlooked in discussions about data security. Having a poor physical security policy could lead to a full compromise of your data. Each workstation should be locked down so that it cannot be removed from the area. Also, a lock should be placed so that the case cannot be opened up, exposing the internals of the system; otherwise, hard drives or other sensitive components that store data could be removed and compromised. It’s also good practice to implement a BIOS password to prevent attackers from booting into other operating systems using removable media.
Another enterprise data leakage instrument is a smartphone with a camera that can take high-resolution photos and videos and record good-quality sound. It is very hard to protect your documents from insiders with these mobile devices or detect a person taking a photo of a monitor or whiteboard with sensitive data, but you should have a policy that disallows camera use in the building.
Monitoring all critical facilities in your company with video cameras that have motion sensors and night vision is essential for spotting unauthorized people trying to steal your data through direct access to your file servers, archives or backups, as well as for spotting people taking photos of sensitive data in restricted areas.
Each person’s workspace area and equipment should be secure before being left unattended. For example, check doors, desk drawers and windows, and don’t leave papers on your desk. All hard copies of sensitive data should be locked up, and then be completely destroyed when they are no longer needed. Also, never share or duplicate access keys, ID cards, lock codes and so on.
Before discarding or recycling a disk drive, completely erase all information from it and ensure the data is no longer recoverable. Old hard disks and other IT devices that contained critical information should be physically destroyed; assign a specific IT engineer to personally control this process.