FEATURE : NETWORK SECURITY
Once a file has been given open access , it ’ s likely to be spread far and wide throughout an organization . If it gets inserted into an email , it may become part of a widely circulated email train .
It ’ s incredibly difficult for security teams to track and control access to data in such a scenario . Identifying and blocking all the user actions that result in open access to organizational data would be an impossible manual task . So , organizations turn to Artificial Intelligence and Machine Learning-driven user and entity behavioral analytics ( UEBA ) tools , but these are no instant solutions .
If the tools used are not sufficiently robust , they may fail to detect inappropriate data access , or generate masses of false positives that must then be resolved with large-scale manual interventions .
is necessary . Security awareness training should be implemented but not relied on . It ’ s only a matter of time before an employee will make a security mistake . Working from home has only added to these pressures and potential distractions that can lead to unnecessary data access .
A better solution is to implement a least-privilege approach . If the data users can access is limited , and the locations in which they can store data are limited , you will minimize your risk .
As the number of data breaches continue to rise , organizations should assume they are already being targeted by hackers . Restricting access to data is a key step organizations can take to reduce the level of damage from a successful breach . p
Another technological solution that addresses the consequence , not the root cause , of lax data access controls is data leak protection technology . This technology relies on file labels that specify how a file should be protected : whether it should be encrypted or whether certain operations on it should be blocked , for example .
However , automatic file classification systems are unable to apply these labels with sufficient accuracy and still rely on users to do so . There is no guarantee that users will apply the appropriate label to a file .
Of course , the first line of defense is making sure users do not extend access to data beyond what
MOST USERS WANT TO MAKE THEIR JOB EASIER AND WON ’ T
NECESSARILY FOLLOW
ORGANIZATIONAL POLICIES COVERING HOW DATA MUST BE HANDLED .
www . intelligentcio . com INTELLIGENTCIO APAC 43