I’ve been thinking about zero-trust and least-privilege access lately in the context of unstructured data security. They’re some of the most exciting security frameworks out there – but to date they’ve been applied mainly to network-based resources with a network-first perspective.
But these two frameworks can be applied to data – although there are some mental adjustments you’ll have to make first.
Like I mentioned, traditional zero-trust has a network-first mentality. Think databases, applications, and the like. Unstructured data, on the other hand, is fantastically complex and diverse (see details in this study). Specialized data, such as a contract or a sales strategy, might be both strategically valuable and difficult for outsiders to understand – unlike a discrete networked resource, which often has a fairly high IT profile, is well understood and is “worthy” of attention and resources.
Attempts to “scale” security to unstructured data have, so far, been time and labor sinks. Pattern matching and end-user file markup techniques come to mind. Neither option is working very well.
But you have to know what you have before you can protect it.
For the same reasons, developing policies for networked resources, while not easy, is at least manageable. Unstructured data is different. It’s diverse and dynamic, changing with time and business imperatives. Data loss prevention (DLP) technologies take a stab at the unstructured data policy problem, but DLP implementations are highly complex beasts bordering on unmanageable.
Knowing what policies to apply to each file is a very tough problem, and so far it hasn’t scaled well at all.
These two problems – discovering/categorizing your data and defining appropriate access policies – are now solvable with automated deep learning solutions.
Deep learning reveals document meaning and context to provide accurate, granular categories that reflect business criticality. These categories are essential for zero trust security solutions. Deep learning, being far more accurate than pattern matching and far easier to implement than end user classification programs, is the answer.
Once files are categorized, deep learning can establish a security baseline for each category. That baseline encompasses how files are permissioned, shared, stored and managed, and it reflects the policy decisions made by the people who know those files best: the owners and end users. From here it’s an easy step to find and fix at-risk files, automatically and accurately.
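To make the baseline idea concrete, here is an added sketch (not the author's or any product's code) that derives a per-category baseline from how owners already share their files and flags the files that exceed it. It assumes files are already categorized; the median as the baseline, the scope scale, the 5x threshold and the sample inventory are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median_low

# Assumed scale of sharing scopes, most restrictive first.
SCOPE_RANK = {"owner": 0, "team": 1, "company": 2, "external": 3, "public": 4}

# Constructed inventory: (path, category, sharing scope, principals with access).
# Categories are taken as given, e.g. the output of a classifier.
FILES = [
    ("legal/msa-acme.docx", "contract", "team", 4),
    ("legal/nda-globex.docx", "contract", "team", 5),
    ("legal/msa-initech.docx", "contract", "owner", 1),
    ("legal/msa-hooli.docx", "contract", "team", 60),
    ("legal/sow-umbrella.docx", "contract", "public", 250),
    ("sales/q3-strategy.pptx", "sales-strategy", "team", 6),
    ("sales/q4-strategy.pptx", "sales-strategy", "team", 8),
    ("sales/pricing-plan.xlsx", "sales-strategy", "company", 900),
    ("mktg/brochure.pdf", "marketing", "public", 1000),
    ("mktg/datasheet.pdf", "marketing", "public", 1000),
    ("mktg/case-study.pdf", "marketing", "external", 40),
]

def build_baselines(files):
    """Per category, the median scope rank and access count set by owners."""
    by_cat = defaultdict(list)
    for _path, cat, scope, principals in files:
        by_cat[cat].append((SCOPE_RANK[scope], principals))
    return {
        cat: (median_low([r for r, _ in rows]), median_low([p for _, p in rows]))
        for cat, rows in by_cat.items()
    }

def find_at_risk(files, factor=5):
    """Flag files shared more broadly than their own category's baseline."""
    baselines = build_baselines(files)
    scope_name = {rank: scope for scope, rank in SCOPE_RANK.items()}
    findings = []
    for path, cat, scope, principals in files:
        base_rank, base_principals = baselines[cat]
        reasons = []
        if SCOPE_RANK[scope] > base_rank:
            reasons.append(f"scope {scope} exceeds baseline {scope_name[base_rank]}")
        if principals > factor * base_principals:
            reasons.append(f"{principals} principals vs baseline {base_principals}")
        if reasons:
            findings.append((path, cat, reasons))
    return findings
```

A publicly shared brochure passes because public sharing is the norm for its category, while the same setting on a contract is flagged; the baseline scope is the least-privilege target to remediate toward.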
Zero trust/least-privilege security is possible for unstructured data. By categorizing data and discovering the most appropriate security policies for each file, we’ve kicked away the barriers to effective, efficient and focused security at the file level. We’re finally ready to apply one of the decade’s most powerful security frameworks to the millions of files and documents our users create and manage every day.