As more information continues to become available regarding the recent data breach of the hospital networks of the University of California, Los Angeles, one IT truth rings out loud and clear: monitoring your network is simply not enough anymore. You must take active, meaningful strides to segment your network and encrypt your data. Ultimately, your company needs to know that its data, both customer related and employee related, is safe from intrusion and exfiltration.
DataPrivia has long used network segmentation as a core control in our security methodology, and recently, in PCI DSS version 3.0, network segmentation was strongly recommended as a critical control. Network segmentation is one of the most, if not the most, important security controls for the protection of your data and critical systems. When policies and standard controls break down, a properly segmented network has the capability to drastically slow down, or completely stop, the vector by which you are being attacked. It is critical that you safeguard the sensitive data within your network the same as you would any valuables at your home or at the bank. Further information on network segmentation can be found here.
Data encryption is the next most critical control that should be in place to protect your data. Proper data encryption ensures that when all other access controls are breached you have some measure of security, so that even if your data is taken, it cannot be read, used, or distributed in a usable manner. Sophos, a security product vendor specializing in end-user security, is making tremendous strides in this area to make encryption not only stronger and easier, but also more effective. Currently in final development, Sophos’ Project Galileo is designed to allow network segmentation and security, antivirus and anti-malware, and encryption technologies to all work together. For the first time, it will be possible for encryption software to “engage a lock down mechanism” on your data if malicious software or activity is detected. As this type of technology continues to develop, there will be a technological revolution in the way that data can be protected dynamically. More information on Sophos’ security offerings can be found here.
The bottom line is that cyber attacks and data breaches are constantly trending up in both quantity and scale. In order to ensure that your company stays ahead of the wave, due diligence must be taken towards complete IT security regardless of your company’s industry. No longer are industries hidden from the purview of attack. In today’s world of cyber crime, if your company is not practicing proper data security, the question truly is not “if” you will be hacked, but “when” will you be hacked.
For more information, security audits, remediation assistance, or other consulting/professional services, contact [email protected] or 855-477-4842.
DataPrivia, Inc. is an information technology and information security company comprised of innovative technology experts. We provide managed and professional services across the United States with offices located in Nashville, TN, Dallas, TX, and Lynchburg, VA.