Data is the lifeblood of most organizations. Odd, then, that many CIOs and CISOs can't explain how data moves in and out of their organization, or how it flows through their networks. It may seem trivial - depending on whom you ask - to track data flow. To an IT or Information Security exec, however, it should be anything but. After all, how can you properly explain your information security strategy if you don’t know where or how your data is moving in and out of your environment?
Very few network diagrams, solutions documents, or build books illustrate the movement of data in and out of a given environment. There are many reasons why this needs to change, but let’s look at our top five:
Email, content management, and secure file transfer all provide data movement capabilities. Understanding who will move data, where they'll move it to, and which protocol or application will be used is imperative when deploying a data transfer solution. Which users need to send data to customers? When is encryption required? What types of data are being sent? These are just some of the questions that need to be answered in order to provide the best possible solution for your users or customers to move data in and out of your network.
When you understand how your business uses data and how it moves in and out of your environment, you can wrap better information security controls around it. Firewall rules can be written to allow data to be sent only to previously approved recipients, or to be accepted only from approved senders. Network data loss protection (DLP) policies can be developed to permit data transfers only to known sources and recipients of information. Data encryption ensures that, should data be intercepted, it cannot be read without the appropriate credentials. These are just a few examples in a long list of benefits reaped from understanding how your data moves.
Regulations and industry standards, such as GDPR and ISO 27001, require that you have measures in place to control and monitor data flow. This includes technical information security controls as well as controls related to governance, such as policies and standards. You need appropriate controls to govern data flow, via network zoning and segmentation or system hardening, and to govern data movement, via enforceable data transfer or email policies. Without such controls, you run the risk of an auditor reporting a finding, or of failing an audit outright. Not to mention that without enforceable policies and effective information security controls, you face a higher risk of data loss or exfiltration!
It’s hard enough to be constantly on the lookout for the insider threat when you know what you’re looking for. It becomes that much more difficult when you don’t have a solid idea of where your data is going, how it's getting there, when it’s coming and going, and why. Tracking user data flow in and out of your network, through measures such as user authentication to network resources, will greatly enhance your chances of detecting potential data thieves in your environment.
With great power comes great responsibility. When it comes to leading a team with a mandate of providing maximum information security for an organization, that responsibility manifests itself in periodic reports to senior leadership and the board of directors. Tracking and understanding data movement between your organization and external clients or partners is key when it comes to explaining your information security strategy. It’s much easier to describe how you're protecting the confidentiality, integrity, and availability of your data when you can provide details such as where it's going, how it is getting there, and who's sending and receiving it.
How well you track the movement of your data may make or break your information security practice. You need to be able to discern who needs the data, where it needs to go, how it will get there, and what measures you are taking to protect said data. If you already have data flow under control in your organization, you have a great foundation in place to provide next-level information security. If not, it should definitely be a priority on the to-do list.
And if you want to further enhance your threat detection knowledge, grab our Insider Threat Kill Chain Whitepaper.