
Use the Power of the Pyramid to Protect Critical Data

Cisco : 13 November, 2014  (Special Report)
Steve Martino, Chief Information Security Officer, Vice President, Information Security at Cisco explains the prioritization requirements of data protection

A gang of Russian hackers recently broke into over 42,000 Web and FTP sites to steal 1.2 billion usernames and passwords. This is just the latest in an ongoing litany of security breaches. Such attacks have become the reality in our interconnected, digital world. Protecting critical data is more necessary – and yet, more difficult – than ever before. For cybersecurity teams, the heat is on.

However, when creating a cybersecurity strategy, it is important to realize that it’s not necessary to apply the same level of security to all data. Security teams can save time and effort from the start by deploying a process that classifies the types of data within their organizations and then determines what level of security is appropriate for each.

Data that requires less protection is always easier and less expensive to manage than sensitive or proprietary data. Unfortunately, the prospect of saving money often creates the temptation to accept lower levels of security for critical data. Best practices can help organizations identify the different categories of data within their networks and assign appropriate security levels to each.

An organization’s differentiating data—whether proprietary product information or processes or a database of customer information—is its most valuable asset, and therefore needs to be protected by the highest possible level of security. Yet knowing how to identify the different security levels of data in the organization – along with the appropriate level of security needed – can be a challenge.

One helpful method for visualizing and organizing the company’s data protection needs is via use of a data sensitivity pyramid. This “pyramid” has distinct layers that describe the different classes of data to which appropriate security measures can be applied. Of course, this is not a new idea: governments and defense agencies have classified their data in a similar way for many years.

The “80/20 Rule” is a good place to start when classifying data. A majority of all business data (the “80 percent”) is relatively uninteresting to external parties, and therefore less of a risk if exposed. The 80 percent forms the base of the data security pyramid, which will not require as much protection as the remaining top 20 percent. Of that 20 percent, a certain proportion will be at the very top of the pyramid because it is truly business-critical: the essential data that is most costly to protect. Classifying data this way ensures efforts are applied where they are most needed.

Identifying the data residing at the apex of the pyramid requires a deeper dive.

For example, technology companies like Cisco typically consider intellectual property such as source code to be mission-critical, but not all source code is equally important. Open source code is available to the public online, so it is less critical to protect. However, specialized source code that provides a unique function that differentiates the company from its competitors is top-tier data, and ought to be protected accordingly.

The litmus test for whether data belongs in the top tier is to think about it from a would-be attacker’s point of view. If you were a criminal, what could you sell or use? How would you go about getting it? Hackers will levy a fusillade of attack tactics to steal enterprise IP. IT security teams must seriously consider the strategies they can use to get ahead of cyber criminals. Start with understanding the potential weak spots in the computing environment. Even the most secure system can be brought down with a simple social engineering attack.

In today’s increasingly connected and complex network environments, outdated approaches to securing data are simply insufficient. Users access data from more places and with more devices than ever before, creating a labyrinth of new security challenges. Understanding how data is used within the organization is an essential step that organizations often overlook. A better understanding of data usage allows the organization to design security into the process or technology, ensuring that protection is integrated and easy to use.

Cybersecurity professionals operate with the well-founded fear of breaches and data theft or destruction looming over their heads. As malicious actors seek every opportunity to exploit vulnerabilities, IT teams must pull out all the stops to keep their data safe. A formalized pyramid model that classifies data according to threat risks relating to different data types and the corresponding impact of a potential attack will help organizations place resources where they are needed the most. This process will streamline security measures, saving time and money and reducing complexity. The data sensitivity pyramid approach is a leading practice in the fight to defend critical assets.
