The Need for a New Security Approach
by Mairtin O'Sullivan - Senior Security Consultant at Espion
Data classification is a key element in the data security model because unless you know how sensitive the data is, you can't assign adequate security controls to its protection. For example, if you have two file servers on your network, one which stores all your company's intellectual property and one which stores employees' personal photos, which are you going to prioritise and assign greater levels of controls to? When stated like that it seems obvious, but how many people really know what's stored on their file servers? And if you don't know what's there, you're either going to end up over-spending on protecting data that isn't sensitive or you'll under-spend and leave sensitive data exposed.

Data encryption is a rapidly growing area of security. While security managers have been very familiar with the use of encryption for securing data in transit over public networks such as the Internet, encrypting data at rest on file servers or in databases is a relatively new concept.

If data encryption is a new concept for many, data integrity is a stranger concept again. Data integrity boils down to a simple question, but one that is often unanswerable: how do you know the data hasn't been changed since you entered it? There are many examples where data integrity is even more important than data encryption. For example, if your company produced medicine, would you know if someone altered the formula just prior to a new batch being produced?
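One way to answer that question for a stored record, as an added example that is not part of the original article: seal the record with a keyed HMAC when it is entered and verify the tag just before use. The record fields, key value and function names are constructed for illustration; the key is assumed to live somewhere the data store's writers cannot read it.

```python
import copy
import hashlib
import hmac
import json

def canonical(record: dict) -> bytes:
    # Stable serialization: the same record always yields the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def seal(record: dict, key: bytes) -> str:
    # Keyed tag computed at entry time and stored alongside the record.
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def verify(record: dict, tag: str, key: bytes) -> bool:
    # Recompute just before use; constant-time comparison of the tags.
    return hmac.compare_digest(seal(record, key), tag)

def plain_digest(record: dict) -> str:
    # Unkeyed hash, shown for contrast: anyone can recompute it.
    return hashlib.sha256(canonical(record)).hexdigest()

def verify_plain(record: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(record), digest)

# Constructed sample data (assumptions, not from the article).
KEY = bytes.fromhex("11" * 32)        # placeholder; keep real keys in a KMS/HSM
OTHER_KEY = bytes.fromhex("22" * 32)  # stands in for "a party without the key"
FORMULA = {"product": "EXAMPLE-01", "batch_kg": 50,
           "ingredients": {"active_mg": 250, "binder_mg": 40}}

def demo() -> dict:
    tag = seal(FORMULA, KEY)                  # stored when the formula is entered
    altered = copy.deepcopy(FORMULA)
    altered["ingredients"]["active_mg"] = 2500  # change made before the batch run
    return {
        "original_verifies": verify(FORMULA, tag, KEY),
        "alteration_detected": not verify(altered, tag, KEY),
        # A digest stored next to the data can be replaced along with the data,
        # so the unkeyed check passes on the altered record.
        "unkeyed_check_passes_after_swap": verify_plain(altered, plain_digest(altered)),
        # Without the key, a replacement tag does not verify.
        "resealed_without_key_rejected": not verify(altered, seal(altered, OTHER_KEY), KEY),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The contrast between the keyed and unkeyed checks is why integrity controls inherit the key management problem the article lists among the obstacles.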

Data access control may seem like an area that's already addressed by existing access controls, but can you restrict access to the data throughout its life? You may only allow the finance department to access the budget files, but how do you restrict access to the budget file once it's been copied to a USB key or emailed to an anonymous email account? Technologies such as DRM allow you to ensure that only the members of your finance department can open the file, so that if the file is sent outside the organisation it will be useless to anyone else.

Naturally, each of the new controls brings with it many obstacles to overcome, such as locating data, educating employees on classification, key management and supporting mobile workers. These are the challenges of the future.

The next time you think about security, don't just think about how to keep the bad guys out, think about how to keep the data secure.



Fri, Feb 12th