Control Your Data; Control Your Destiny
By: Orhan Yildirim
Don’t become another headline!
Your customers entrust you with their data – earn that trust by putting into place software that allows you to control your data, both internally and on third-party domains.
Massive data breaches impacting enterprises’ reputations and, in fact, their futures, have not been going away. In fact, according to a recent industry survey by Carbon Black, 92% of surveyed UK businesses have been breached during the last 12 months, and 91% say cyberattacks are now more sophisticated. Another study by the Ponemon Institute estimates the average cost of a data breach to be $3.86 million in 2018, a 6.4% increase from the previous year. Globally, according to Gartner, $96 billion is being spent by enterprises and organizations, less than 10% of what cybercriminals are estimated to spend, at $1 trillion.
The report notes that spear phishing, ransomware, weak security processes, outdated software, commodity malware, crypto-jacking, and supply chain attacks are all contributing to data breaches, and while Privileged Access Management doesn’t address every security issue, having governance and oversight over-privileged users goes a long way in strengthening control.
In fact, a 2018 report from Gartner stated the top IT Security Projects for 2018 are Privileged Access Management, Application Control, and Protecting Endpoints, in that order.
With more visibility and media coverage of devastating data breaches, enterprise and government leaders are more aware of and more aggressively funding cybersecurity solutions. Traditional security measures, including firewalls, intrusion detection systems, VPNs, session border controllers in the VoIP world, and more are no longer enough to defend against increasingly sophisticated and financially incentivized bad actors.
Massive trends and growing technologies like cloud, mobile and network and application virtualization blur the boundaries.
But that is no excuse for not understanding and addressing the morphing attack surface.
For decades, enterprises and organizations have relatively successfully built a perimeter around their data and systems, easier to do when those entities had their own data centers, their own private networks, with most of their technology on-prem.
Times were simpler. The data that flowed in and out came through single or dual, very controllable IP access points, or was managed on the physical devices. The perimeter was clear.
Today, however, with multiple clouds and multiple applications, microservices, partnerships, APIs and other new integrations, there is no longer a “linear” perimeter, rather a continually changing, dynamic exchange of data in and out of the traditional “IT Zone.”
But that is no excuse for not ensuring every point of data exchange, whether physical or virtual, whether infrastructure-as-a-service or software-as-a-service, is being governed – monitored, managed and protected.
And today, what is most clear, is that the most valuable data organizations and governments have is the data cybercriminals want the most, as it can be monetized, to the tune of trillions of dollars.
The right Privileged Access Management platform addresses a more dynamic, increasingly virtualized and constantly growing cybersecurity perimeter, by reducing risks from cyber-attacks, including those caused by internal actors (which comprise now half of the cybersecurity breach initiators).
This is not to say that PAM is an added expense. Depending on the approach, PAM can reduce costs, when more routine tasks are automated, and audits can be conducted more quickly.
A quality PAM solution, designed for cloud-native environments, but working within more traditional environments as well, drives employee productivity by giving them secure access to systems while enabling management to easily view activity and receive alerts and notifications when policy is being broken – in real-time.
A modern, well-architected PAM solution that scales also reduces the time and risk associated with password management, simplifying and securing passwords through intelligent automation and control.
Data is destiny – and come the time your business is targeted, during an attack, the right PAM solution enables you to quickly audit privileged accounts to review password changes, actions, and any applications launched within your infrastructure.
What will your organization’s destiny be? Determination and a quality decision on the right PAM strategy (as part of an overall security strategy) can help ensure a healthy, growing business, even in the context of increasing threats and cybercrime.
Reports of cybercrime shot up by almost 70 percent in the US compared to 2019, as the lockdown created an ideal environment for cybercriminals. However, phishing and ransomware remained the most common approach, accounting for 33 percent of all cyberattacks.
For organizations looking to break beyond the limitations that traditional cloud-based networks impose, edge computing can make all the difference. Often touted as the “next big thing,” edge solutions have started to become common practice in many industries, thanks to the introduction of new technology such as the Internet of Things (IoT) and its various devices, as well as 5G.
Often touted as the “next big thing,” edge technology has started to become common practice in many industries thanks to the introduction of new technology, such as the Internet of Things (IoT) and its various devices, as well as 5G networks.