Intelligent CIO APAC Issue 11 | Page 42

FEATURE: NETWORK SECURITY

IDEALLY, ACCESS TO DATA IN ANY ORGANIZATION SHOULD BE RESTRICTED TO ONLY THOSE WHO NEED IT.

However, even back then inconsistent access control lists (ACLs) and global access groups put data at risk, and it was common for users to put data on shared or networked disk drives.
In recent years, data volumes and storage locations have proliferated enormously. Today, it is almost impossible to find and fix all inconsistent ACLs.
Users may already be aware of which data is highly sensitive. So, unless restrictions make it impossible to move this sensitive data, it’s bound to end up in an insecure location at some point.
The shift to remote working
The rapid uptake of cloud-based collaboration tools to support the shift to remote working has made this problem much worse. Tools like Microsoft Teams enable users to create new repositories for data and share access to that data with anyone in the organization. Often, IT and security lack insight into how data is being shared and resaved.
For example, anyone using Microsoft Teams can create multiple SharePoint sites online, add users with various levels of access or make access available to anyone: all with a few clicks and no technical expertise.
Placing access restrictions on all data would do much to curb such practices, but doing this presents a huge organizational challenge. It can be challenging to identify sensitive data and its degree of sensitivity in order to apply appropriate controls.
To do this, organizations need to know where data is stored, who has access to that data, if that access is legitimate and who has responsibility for making decisions about access.
The challenge of locking down data
One oft-touted solution is to have the creators of data classify and tag it appropriately. However, this requires those responsible for tagging to understand what constitutes sensitive data, and not to deliberately mislabel data to make access easier and avoid the hassles caused by restrictions.
The challenges were already big enough when all data was kept on-premises. IT and security teams could see when access to a particular dataset was broadened, or access rights changed. With data now typically spread across private and public cloud systems as well, the challenge is much greater.