An Umbrella for Data Security
The next time you attend a CISO conference panel, approach the mike and ask who uses encryption, leakage prevention, identity management, and behavioral analytics to protect their data. Expect every hand to go up, because – you will be told – no enterprise security team of any consequence could ever survive the jungle of modern compliance, audit, and regulatory demands without this familiar set of data controls.
But now ask these CISOs how their data security is coordinated across the seams of their architecture. What you will hear, I am afraid, are crickets. This should not be a huge surprise, because protecting data traversing product boundaries in an enterprise has been a weakness in our industry. Just ask those retailers who had credit card data stolen as it flowed across unprotected workflow interfaces.
This challenge emerged during a review with the executive team from Global Data Sentinel, a New York-based cyber security company founded in 2014 and focused on securing data. The salient aspect of the GDS approach involves an umbrella solution for data security across existing controls. “We provide an end-to-end protection approach for customer data across the entire enterprise,” explained CEO John Galinski.
Inherent in the GDS solution is a concept known as a Data Management Operating System (DMOS), which supports the pillars of data security including encryption, identity and access, audit, and behavioral analytics. The DMOS umbrella is unique because it supports these familiar security controls by focusing specifically on the seams where data leakage or theft might naturally occur.
Architecturally, DMOS starts with GDS infrastructure in the cloud, which supports key management and related data security functions. Partial key-based distributed controls are used to ensure multi-party coordination to unlock protected data. The GDS gateway, which is positioned inside the firewall, includes open interfaces to existing or planned data security solutions in the enterprise.
DMOS makes special client reader software available for data sharing across an enterprise, but GDS also offers an agentless solution that uses native browser protections. This is important, because while many applications are perfectly suited to special client readers, some are not. I suspect this is a design issue that will evolve in the data security marketplace.
One of the example use-cases we discussed involved large government agencies using the GDS DMOS to coordinate structured and unstructured data controls into a true end-to-end solution across their organizational infrastructure. “Our use cases range from offering encryption support across different organization boundaries,” Galinski said, “to supporting data security inventory across an environment resulting from multiple acquisitions.”
Addressing this challenge of ensuring data security across the seams also helps reduce the risk of advanced persistent threats. Such advanced breaches involve the use of lateral traversal, usually guided by Active Directory, to locate and grab any valuable information. Clearly, an umbrella data protection program to overlay or complement constituent, underlying security controls will reduce the APT risk to data considerably.
A practical difficulty in implementing any umbrella strategy involves convincing upper management that complementary data security controls are required in conjunction with existing security solutions. For example, if the organization just invested in encryption, then it might take some clever negotiating skills to explain why another data security product might be required. But don't let this slow you down: It's worth the effort.
To summarize: The idea of an umbrella data protection program across the key pillars of enterprise security resonated with me strongly. Umbrellas cover seams, and it is my belief that most successful data security attacks reside in the interfaces between systems. Have a look at this interesting technology from Global Data Sentinel and see if it makes sense to cover the data security seams in your own organization.
Let me know your experience.
We build Revenue Systems that run themselves for $1M+ businesses | DealFlow Dynamics
(7 years ago) Edward, Your solution sounds powerful and very helpful for ensuring the security across a suite of enterprise applications and networks. Keep me in the loop as you make progress to market. We do a lot of enterprise systems design and development and security is always a challenge and gets very complex if you don't have the infrastructure to manage it efficiently. Thus making it less secure!
Associate Professor in Artificial Intelligence and Cybersecurity
(7 years ago) Most cloud service providers advise their customers to worry about their outsourced data, and not to worry about the cloud infrastructure security. I have a solution that I believe has better features. It should be available soon in IEEE Xplore Digital Library under paper title "A Highly-Secure Self-protection Data Scheme in Clouds Using Active Data Bundles and Agent-Based Secure Multiparty Computation".
Mathematics Teacher at St. Anthony of Padua Catholic School
(7 years ago) I agree with Ed Amoroso's recommendations - work the interfaces between your systems for enhanced cyber-security protection.
Lawyer, Trusted Introducer, Former US Senate Staff Counsel (early 80's for Senator Bob Dole), Former State Assistant Attorney General, Judge and Retired Senior Legal Division Instructor at FLETC.GOV "IP On Everything"
(7 years ago) Thanks, Ed! Nothing like good protection from the 'elements' :-)