The case for data-centric security in 2022

As far as cyber security is concerned, the new year has begun anything but new beginnings. Sadly, now four months into 2022, the reality of our cyber crisis is still the same – more attacks and more breaches, but the same reluctance to move away from outdated security controls and outdated approaches that are failing on a global scale.

In the past few weeks, we have seen cyberattacks become a new facet of war. We’ve seen major chipmakers, billionaire news giants, automakers, school systems, and oil companies fall victim to a variety of attacks resulting in service disruption, lost revenue, and lost data.

This above list of organizations is not made up of small mom-and-pop businesses with non-existent cybersecurity budgets. It’s full of global brands with significant investments in sophisticated security. So why, then, do the companies that essentially do what they’re supposed to do, at least by general industry convention, still make the headlines? This is because these attacks, like most of the 2021 incidents that preceded them, were common byproducts of the lack of data-centric security across the cyber community.

We’ve seen this movie thousands of times, but we keep misinterpreting the plot: the villains aren’t stealing the network itself—they’re stealing (or destroying) the data.

All too often, companies are exposed for failing to adopt security approaches that address an evolving threat landscape where sophisticated threat actors and ransomware gangs are more powerful and better funded than ever. Today’s mainstream cybercriminal can easily bypass the thin veil of passive security controls present in data storage systems, allowing them to silently and often effortlessly steal or destroy large amounts of unstructured data assets for malicious and financial gain. Without a data-centric security model that enables the application of zero trust and least privilege concepts at every point of access, there is no effective way to protect that data from potential threats.

A fundamental change in approach is long overdue. Instead of narrowly focusing on attackers’ ever-changing Tactics, Techniques and Procedures (TTPs), organizations must prioritize actively protecting the assets they target. This is the fundamental component of data-centric security—protecting data at the core, not at the edge.

The technology behind data-centric security

Adopting a data-centric security model begins with shifting focus away from traditional network-based security approaches to approaches where security begins where the data resides. The modern definition for these cyber-infused storage technologies is cyberstorage, and the solutions leverage artificial intelligence and machine learning to combine active security controls with advanced compliance and monitoring, generating real-time internal visibility to better identify, detect, and manage respond and recover from encrypted attacks on unstructured data assets.

Compatible with any on-premises, cloud, or hybrid network environment, these solutions strengthen data maturity by simplifying the complexities of active data protection, scalable data storage, and ongoing data compliance through a unified approach.

• Privacy: Securing both primary and secondary data files from compromise, loss, theft, or damage while providing the built-in ability to quickly recover data to a working “known good” state in the event of a breach
• Data storage: Providing a scalable utility architecture to efficiently store data while maintaining the accuracy, completeness and quality of the data as it is made accessible to users via standards-based protocols
• Data compliance: Threat vector mitigation through Certification that all systems continuously enforce required data security policies and that all users comply with regulations to prevent misuse, theft or loss of sensitive assets.

Cyberstorage solutions also enrich the enterprise cyber ecosystem with actionable cyber defense insights that are unattainable through external network systems. Real-time leadership creates the agility needed to not only prevent breaches, but also respond quickly to them and mitigate their impact.

Cyberstorage is the missing element in a complex security ecosystem. It’s not a replacement for network-based cyber solutions, but rather the key ingredient missing from the recipe for defending against modern data-centric attacks like ransomware, data theft, sabotage, and…well…basically all attacks that have been missing in the past few happened years ago.

How to implement data-centric security

Implementing data-centric security doesn’t have to be difficult. It boils down to three basic steps:

• Realign your perspective
• Layer and subdivide
• Set up a feedback loop

Before investing in the actual technology behind data-centric security, it’s critical for organizations to develop a mindset for a data-centric approach. The first step is to stop thinking of security as a “doors-and-windows” issue — just lock the doors and windows to keep the bad guys out — and instead think of it in the context of the asset you own you are most interested in protecting. Ask yourself, if it’s impossible to keep the threat out, what countermeasures can ensure my data stays safe anyway?

Most organizations lack visibility into what is actually happening with their data — how much data there is, how it’s being used, who has access to it, and what separates “normal use” from “abnormal (or malicious) use.” The effectiveness of data-centric security is rooted in the insights gained from using data sources themselves. Doing this effectively takes intelligent software like a cyberstorage solution, but before you get to that point you need to have a general understanding of how users and applications are logically categorized by capability, and then a segmented approach to implementation pursue. Once those boundaries are established, implement controls in layers to ensure protection.

Security is a living and breathing thing. The ever-evolving threat landscape requires organizations to continuously improve their defenses. They do this by taking information from multiple sources and continuously feeding it into a system that can evolve as threats evolve. Sources such as audit and change logs, administrator and user access patterns, and policy changes provide a foundation for computers to learn on their own and improve defenses.

Data-centric security obviously goes beyond what humans can do on their own. People create the business rules, but it’s the technology that implements them. With the volume of data stored expected to triple over the next few years, a data-centric approach must begin with paying attention to where that data resides and how “secure” those storage systems are.

Real, tangible progress in strengthening organizational security posture can only be achieved through cyber resiliency by protecting data at its core. By placing an increased focus on implementing data-centric security across the public and private sectors, we can take steps to ensure 2022 will be a year of positive change – not just more of the same.

Eric Bednash is CEO and co-founder of RackTop Systems.