While it’s important to secure data no matter where it lives, data in motion is at its most vulnerable to hackers and needs to be a focus point for your security and compliance efforts.
Data in motion has to contend with human error, network failures, insecure file sharing, malicious actions and more. Almost every business has data that needs to be transferred outside protected business applications and systems to enable collaboration between co-workers, systems, and outside parties. Not sharing data is not an option.
Companies must accept the reality of data insecurity when in motion and take proactive steps to prevent an expensive and embarrassing data breach.
The first step is to accept that your company data, including sensitive data, is being sent insecurely via shadow IT. When IT isn’t involved with how data is being transferred, there are critical disadvantages. These often trigger other serious issues, such as:
- No visibility – Without visibility that allows reporting and alerts, IT teams will have no foresight into potential data breaches or vulnerabilities. This makes it hard when it’s time for an audit.
- No integration – IT teams can’t automatically extract data from unauthorized systems to other established processes.
- No automation – The manual process of ad hoc transfer and sending the right data to the right person at the right time unnecessarily slows down multiple departments.
To prevent this risky activity, here are three best practices for securing your data in motion:
Restrict Cloud Sharing and Other Alternative Methods
Cloud-based apps, such as Dropbox and Google Drive, allow individuals to bypass the IT and procurement departments entirely – creating shadow IT. The downside is that these applications often don’t meet corporate standards for data protection and encryption and hinder IT teams from protecting the company’s data by cutting off their visibility. Oftentimes, employees don’t even realize that this type of activity increases the risk of security breaches and data loss.
Not only do unauthorized cloud sharing and alternative transfer methods put your data in motion at risk for a breach, they also might lead to lost or accidentally misplaced data and the inability to comply with data privacy and protection legislation. This, in turn, could leave companies liable for fines and even prosecution.
Identify Critical Assets and Vulnerabilities
The biggest component of securing data in motion is managing risk by recognizing which transfer methods put your company at risk and how frequently they are used. Start at the most basic components of your data’s security lifecycle to classify departments, data, and people. Set priorities on how to ensure security of all critical assets and vulnerabilities.
Implement Security Framework for Data in Motion
One of the most common reasons that employees engage in activities that put their data at risk is a lack of clear IT policies. Look to industry standards such as PCI, HIPAA, GDPR, and ISO 27001 to implement a security framework for your data. The best way to secure data in motion is to move to a multi-layer plan.
In my experience, the following data transfer requirements are crucial:
- End-to-end encryption.
- Strong authentication.
- Automation of file-based tasks, rules and policy management.
- Ad hoc secure file transfers for users.
- Guaranteed delivery.
- Integration with existing security controls.
- Tamper-evident audit trail.
- Monitoring all file transfer activity.
- Exception notification.
- Automated report creation and distribution.
- High availability.
- Disaster recovery.
Building a plan for securing data in motion involves much more than just encryption. But it isn’t as daunting as some IT teams may think, and awareness is the first step. Spend some time evaluating how your company treats data in motion. Implement processes and systems that ensure the safe transfer of your sensitive data.
Take action today with a simple three-step plan:
- Risk management – Get top-level approval and start with the most critical threats. It’s all about recognition of risk and planning.
- Control framework – Find out what technologies your users are utilizing and look to industry standards such as PCI, HIPAA, GDPR, and so on.
- Technology, training and processes – Implement plans based on priorities and set up a clear, easy and secure system for data in motion security.
(This article first appeared on the Ipswitch blog)