Vormetric Big Data and Cloud Security


Protecting Critical IP – When Compliance is Not Enough – The Keys to the IP Governance Kingdom

Hear ye! Hear ye! The era of the information age has come.

Once upon a time, the majority of information and assets were physical. But as the world transitioned into the digital age, organizations weren’t set up with the proper precautions for the information security battle.

Nowadays, everyone is fighting for access to IP (Intellectual Property), the secret sauce of essentially all organizations. Aside from protecting customers and employees, organizations must remember that protecting IP is vital not only to retaining brand credibility, but also to keeping an organization running smoothly. In fact, according to Vormetric’s Insider Threat Report, 93 percent of U.S. enterprises feel vulnerable to data breach.

With new threats constantly arising in the cyber-landscape, adversaries (hackers) are getting better at finding, retrieving and stealing sensitive data and IP. This poses a challenge to organizations. The result – a cybersecurity battle.


Most organizations have specific compliance requirements such as PCI DSS, HIPAA HITECH, data residency, data privacy, etc. But meeting compliance standards alone is not enough to protect IP. Not even close. Compliance aims to satisfy regulators, and isn’t necessarily designed for protecting critical IP and data. System vulnerabilities and threats need to be approached independently from compliance standards.

When it comes to protecting IP, few industries aren’t in need of protection:

  • Manufacturing: The plans, formulas, specifications, source code and methods used by leading manufacturers worldwide are a prime target for national and competitive adversaries. Acquisition of this information could allow a rival to leapfrog over years of intensive development to match the best in the world.
  • Government: Citizen information, organizational makeup and even secrets are IP that both local and national governments deal with daily. Keep in mind that this runs the gamut from your local tax rolls to police/criminal justice to national level data (such as the information exposed with the recent OPM and IRS breaches of millions of records).
  • Defense industries: Critical plans, specifications, methods and materials represent both business and national advantage. Lives literally depend on protecting this intellectual property.
  • Healthcare: If an organization is HIPAA-compliant, then this means that they are only meeting bare necessities. As Anthem, CareFirst and a variety of other healthcare organizations found, more measures to protect critical IP should have been put in place. As we’ve learned, healthcare organizations must not only prioritize the protection of patients’ physical health, but also critical healthcare data that can compromise personal and financial futures.
  • Entertainment: Early in 2014, most organizations in the entertainment industry were unaware of the fact that they were considered targets. For the entertainment industry, the concept of protecting IP wasn’t on the radar until Sony. Sony opened our eyes to the security ramifications present in the entertainment industry as well as our daily lives.
  • Retail: Target marks the spot for retail’s key learnings on protecting critical IP. There was no IP governance in place prior to the Target breach. Even though Target was PCI compliant at the time, that didn’t mean it was governed and secured by PCI standards and other compliance standards that are in place.
  • Financial Services: If the information about your accounts, balances and access information isn’t considered to be critical, I don’t know what is.  Think about the fact that banking, insurance, retirement and other accounts are all numbers stored inside of systems within this industry.
  • Infrastructure: You might not initially think that your power, water, gas and other utilities include IP, but that’s not true. The detailed plans for infrastructure, networks, controls, and related information represent a tempting target for attackers looking to cause damage on a large scale.

To protect your IP, we recommend a three-tiered approach:

  1. Understand: Understand what your IP is and educate yourself. It is also important to identify the data that should be considered the crown jewels for your organization.
  2. Classify: Determine where your data resides and how it communicates with the existing infrastructure.
  3. Protect: Here at Vormetric, we can’t stress this enough. Look at ways to protect data. Whether encryption, tokenization or other methods of data security, you can’t cover your bases with a sole reliance on compliance!

When looking at data protection and measuring compliance and IP, we’ve learned that compliance will not secure data. If you want to know if IP or data is safe, you have to watch insiders with legitimate access and look for unauthorized access attempts. Watching out for changes in the amount and type of data being accessed by individual users at any given time can be essential to spotting an insider turned rogue or one whose credentials have been hijacked by cyber-criminals.
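The monitoring described above, as an added example that is not Vormetric's code: it builds a per-user baseline from data-access audit records and flags denied attempts, data types a user has never read before, and daily volume well above that user's norm. The record layout, the user and data-class names, and the threshold `z` are assumptions, and the records are constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit records: (day, user, data_class, bytes_read, allowed)
HISTORY = [
    (1, "alice", "source_code", 40_000, True), (1, "bob", "hr_records", 9_000, True),
    (2, "alice", "source_code", 55_000, True), (2, "bob", "hr_records", 11_000, True),
    (3, "alice", "source_code", 48_000, True), (3, "bob", "hr_records", 10_000, True),
]
TODAY = [
    (4, "alice", "source_code", 50_000, True),
    (4, "bob", "hr_records", 12_000, True),
    (4, "bob", "design_specs", 900_000, True),   # new data type and large volume
    (4, "bob", "finance", 0, False),             # denied access attempt
]

def build_baseline(records):
    """Per user: list of daily byte totals and the set of data classes read."""
    daily = defaultdict(lambda: defaultdict(int))
    classes = defaultdict(set)
    for day, user, data_class, nbytes, allowed in records:
        if allowed:
            daily[user][day] += nbytes
            classes[user].add(data_class)
    return {u: (list(daily[u].values()), classes[u]) for u in daily}

def detect(baseline, records, z=3.0):
    """Return sorted (user, reason) alerts for one day of records."""
    alerts, totals = set(), defaultdict(int)
    for _, user, data_class, nbytes, allowed in records:
        known = baseline.get(user, ([], set()))[1]
        if not allowed:
            alerts.add((user, f"denied:{data_class}"))
            continue
        totals[user] += nbytes
        if data_class not in known:
            alerts.add((user, f"new_type:{data_class}"))
    for user, total in totals.items():
        history = baseline.get(user, ([], set()))[0]
        if not history:
            alerts.add((user, "no_baseline"))
            continue
        mu = mean(history)
        limit = mu + z * max(pstdev(history), 0.1 * mu)  # floor the spread for steady users
        if total > limit:
            alerts.add((user, "volume_spike"))
    return sorted(alerts)

print(detect(build_baseline(HISTORY), TODAY))
```
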

Questions? Thoughts? We would love to hear what you think. Share them with me online and tweet to @solcates.

The post Protecting Critical IP – When Compliance is Not Enough – The Keys to the IP Governance Kingdom appeared first on Data Security Blog | Vormetric.


Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, big data and cloud environments. Data is the new currency and Vormetric helps over 1400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Vormetric Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.