Data security is an ever-evolving field, and staying up to date with the latest best practices can be a challenge. As technology advances, so do the threats posed by malicious actors. Battle-tested industry frameworks not only help you maintain good security hygiene — they can also help your team weather industry change with balanced best practices.
What is a data centric security strategy?
Industry frameworks have evolved over time. The most widely used security framework today is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Developed and released in 2014, the CSF provides a comprehensive set of standards for managing cybersecurity risk across all sectors of critical infrastructure.
It consists of five core functions: Identify, Protect, Detect, Respond, and Recover. Each function outlines specific activities designed to help organizations identify their assets and vulnerabilities; protect against cyber threats; detect when an attack has occurred; respond quickly and effectively; and recover from any damage caused by the attack.
Prior to NIST CSF, there were several other popular frameworks used for data security management including ISO 27001/27002 Information Security Management System (ISMS), Control Objectives for Information & Related Technologies (COBIT), ITIL Service Delivery & Support Processes (ITIL), and Payment Card Industry Data Security Standard (PCI DSS).
While these frameworks are still relevant today, they lack some features found in NIST CSF such as its focus on risk assessment processes or its emphasis on continuous monitoring capabilities, which are essential components of modern attack surface management strategies.
Deciding how to layer and align to additional frameworks comes down to the industry your business operates in and the governing regulatory bodies it reports to.
Regardless of the frameworks you choose, consider starting with the CIS (Center for Internet Security) benchmarks. The benchmarks focus on secure configuration of systems used across business environments. It’s a guide that your team can use to institute controls and safeguards that protect against attacks — and satisfy compliance requirements.
Mitigating misconfiguration risks helps to protect your organization’s sensitive personal data. Yet understanding what personal data your organization collects, stores, and shares can be tough thanks to data proliferation, sprawl, and silos.
Continuous data discovery can help you build a real-time data inventory, classify data by type, and prioritize it based on risks associated with that data. This inventory supports a tailored framework that addresses the unique digital assets and data your organization relies on.
Whether you have a security framework in place or are starting from scratch, here are five steps you can take to ensure it aligns to the industry’s most common best practice recommendations:
- Establish data governance policies: The first step towards implementing a successful data-centric security framework is establishing clear policies for how your organization will handle sensitive information. This includes defining who has access to what types of data, as well as setting up procedures for handling requests for access or changes to existing policies.
- Monitor your network activity: It’s important to keep track of data across your environment so you can identify suspicious behavior before it becomes an issue. In addition to monitoring tools like intrusion detection systems (IDS) and endpoint detection and response (EDR), organizations can consider analytics platforms like Splunk or ELK Stack to help analyze large amounts of log data more efficiently than manual methods alone.
- Implement security controls: Once you have established governance policies and monitoring methods in place, it’s time to start implementing specific controls designed to protect sensitive information. This could include things like multi-factor authentication (MFA), role-based access control (RBAC), application whitelisting/blacklisting, and other measures designed specifically to prevent unauthorized users from accessing confidential resources. The CIS benchmarks can help you identify which controls are appropriate for your organization.
- Utilize threat intelligence platforms: Having real-time intelligence about potential threats is key when trying to stay ahead of attackers. Threat intelligence platforms offer insight into emerging trends, as well as indicators of compromise that may be present within your own infrastructure. There are many free and open source threat intelligence feeds, including InfraGard, DHS CISA Automated Indicator Sharing, Abuse.ch, and Open Threat Exchange from AlienVault.
- Test your security framework regularly: Finally, test your security framework regularly against simulated attack scenarios in order to understand where weaknesses exist within your infrastructure. Penetration testing services can help identify areas where additional controls need to be implemented or existing ones strengthened so your organization stays one step ahead of potential threat actors looking to exploit vulnerabilities.
Maintain your data centric security strategy
Implementing a data-centric security framework that is both effective and efficient at protecting your most valuable assets from unauthorized access or manipulation is key to ensuring a robust attack surface management strategy.
By leveraging both established industry standards and emerging technologies, your team can select and implement effective solutions that are geared towards your unique needs while ensuring maximum protection against complex and evolving threats.
