Simple Formula to Keeping your Data Safe
14 November 2017 at 8:08 am
With more and more Australian organisations moving their workloads to the cloud, it’s important to ensure data remains secure, says not-for-profit technology specialists Brennan IT.
The not-for-profit sector is one of the most important industries when it comes to data security, as breaches and leaks can have major impacts on the lives of Australia’s most vulnerable. In today’s cloud connected world, security should always be front of mind.
Stringent measures need to be put in place to protect sensitive data. However, not all data is equally important, so it’s not always necessary to apply the strictest security policy on every application. By taking a staggered approach, organisations can be efficient with their resources, while still having peace of mind. The first step is understanding your data and there is a simple formula to help.
You should start by objectively assessing the risk if each data group were to be compromised.This is a combination of the probability of a data breach occurring plus the impact of that data breach. Assigning a score to each of these considerations will let you decide how much to invest in keeping that data secure.
Brennan IT’s COO, Dayle Wilson, says there are four key elements you should examine to ensure you are getting security right:
- Compliance framework
Cloud providers gain security credibility through certifying their platforms on to compliance frameworks and industry-based compliance standards. If you comply with these standards you will receive a higher quality of service, diminishing the likelihood of that provider being successfully breached. Businesses that value their data and intend to shift to the cloud need to make sure that the chosen cloud provider is certified with the appropriate framework for the data.
- Data regulation
Different types of data are subject to different regulations. For example, NFPs who turn over more than $3million annually will now be subject to the change in the Privacy Act, making it mandatory to publicly notify the Office of the Australian Information of Commissioner any data breach.This opens organisations with sensitive data up to a level of transparency that they have not yet had to manage.
- Data classification
Some data is classified according to its content, like health records, and there can be different levels of classification assigned to this data, such as cabinet in confidence, protected, highly-protected and so on. It’s essential to ensure your organisation’s preferred cloud solution complies with that data classification level and protects it accordingly.
- The importance of protecting outbound traffic
Currently, industry discussions around security usually focus on the importance of inbound perimeter protection and intrusion detection: keeping the cybercriminals outside the network.
However, in most networks, hackers will always find a chink in the armour, no matter how small. A more mature security policy is to recognise this inbound threat and adopt a security posture of containment.
Containment means it’s essential to control the damage once a cyber adversary has breached the perimeter. Specifically, the security measures should prevent the attacker from going back outside the network to download malware or ransomware. Downloading their payload requires the hackers to communicate outbound from the network. Preventing this is what keeps the network safe.
There are technologies and solutions that can block the outbound communication effectively but IT managers are often reluctant to use these as they can impact on the user experience, attracting complaints from employees because they can’t access their social networking sites, for example.
Wilson says the best way to protect outbound communications is via a transparent proxy server. This isn’t automatically provided as part of a cloud solution, as it can be difficult to set-up, so IT decision-makers often don’t purchase one.
Too many IT managers are misunderstanding the risk of outbound communications and failing to implement this simple, yet effective measure. By doing so, IT managers can effectively secure their organisations’ data whether it lives in the cloud or on-premise.
Data security should be considered with every change or update made to your organisations IT environment, a trusted partner can help to bridge any security gaps in your network.
Brennan IT has been catering to the specific technology needs of Australian NFPs for many years, and our team of specialist engineers are immediately on hand to discuss how can help you to help others.
Visit here or contact us on 1300 500 000.