By Ganesh Karri
When it comes to data security, simple and easy-to-make errors can be unforgiving. One small, seemingly insignificant mistake can result in very large negative consequences. These consequences can include anything from financial penalties to brand tarnishing. Fortunately, however, preventing these mistakes is quite easy with proper planning.
While there are many different angles to consider when examining data security, they often all return to a few simple principles. We selected five of the most important of these principles and have outlined how to avoid some of the most costly mistakes associated with them-
5. Poor Credential Management
Most companies should not need to be reminded that passwords should be kept secret, meet strength requirements, and be updated regularly. Still, lack of attention to this area is one of the most common data security mistakes.
Insecure or out of date passwords are not the only problem associated with credential management. Companies also need to have procedures in place for providing and revoking credentials—and the network administrator in charge of this must share responsibility with someone with similar administrative rights. Many companies institute single-sign on for convenience sake—which makes credential management even more important as more resources become attached to a single set of credentials. Invoking the principle of least privilege is another crucial point. The principle of least privilege states that no person should have more administrative right than needed to do the job.
To avoid this happening, invest in trusted identity management platforms that handle data capture, credential issuance, and identity lifecycle management in a secure fashion. Of course, don’t forget to change the default passwords on your network devices such as routers either. Not that we needed to say that.
4. Data Sprawl
Data sprawl is a condition in which unsecured sensitive information is stored across a large number of devices or servers without regard to security. This often involves cardholder data for electronic payments, which can quickly become a significant liability. Quite often, data sprawl results without it even being known to the company, as a result of growth over time.
To remove the risk associated with a data breach, remove the sensitive data altogether! If companies always encrypt or tokenize sensitive data within applications, databases, and file systems and carefully control the encryption keys, the security risks associated with data sprawl can be reduced or removed altogether.
3. Forgetting to Back Up Data
Some disasters are unavoidable, such as those natural disasters that bring systems offline. In those instances, a contingency plan should surely be in place.
Not having a contingency plan, that is, a means of disaster recovery such as backups is bad. Not enacting that plan, if it is in place, is equally damaging. Always invest in disaster recovery mechanisms and ensure that they’re doing their job. And don’t forget that testing backups periodically is just as important as taking them in the first place.
2. Being Unaware
When something in the network changes, do the administrators know about it? If not, they may not have monitoring and alerting tools and procedures in place—and that can be a costly mistake.
Monitoring and alerting tools provide valuable insight into the second-to-second operations of a data security infrastructure, and notifications provide actionable information as soon as it’s needed. It would be a mistake not to make use of tools such as SNMP, SMTP, syslog, and other such protocols.
Finally, thinking an infrastructure is secure when, in fact, it is not: that is the most egregious mistake that data security professionals can make. A complacent company might initially architect a secure network, and then it might not maintain the infrastructure. Data security is a living, working process. It requires constant care and updating to stay ahead of the attackers.
Every mistake on this list can most likely be traced back to complacency. It’s important to remain vigilant in protecting your assets from the constant threat of breach. Security is not a single, unmoving endpoint. It’s a constantly moving target that takes dedication, deliberate action, and innovative thinking in order to succeed. Keeping this in mind, organizations can build a strong foundation of security-centric thinking within their teams, ensuring they are prepared to address even the more sophisticated of threats both now and into the future.
The author is Chief Solutions Architect and Regional Business Manager for South Asia at Futurex