Share this article on:
Earlier this month, Australian data security company archTIS published a fascinating blog post on how to keep intellectual property and military secrets secure, especially from insiders with malicious intent.
It’s a fascinating read in its own right, but the concepts can be applied to any company. If companies treated all of their data — especially personal data — like it was essential IP or highly classified information, data breaches could be less frequent and less damaging.
Here are three takeaways from the blog that any company should consider.
Ask yourself who has access to your data
Companies should run through a checklist of questions to make sure the right people are accessing the right data, and using it as intended. Getting the answers to these questions can help a company apply the right security measures.
Take a zero-trust approach to everything
The key principle here is “never trust, always verify”. Every user in an organisation, whether internal or external, should be continuously verified and authenticated, and the best way to do this is by using attribute-based access control.
Depending on the attributes of data, its users, and the environment the data is being used in, companies can set up highly granular and adaptable security policies.
To quote archTIS, “Using ABAC, organisations can granularly micro-segment access to individual data assets based on user (e.g. country, clearance, nationality), environmental (e.g. device, location, IP), and data attributes (e.g. sensitivity, classification).”
It’s not just about access
With ABAC policies in place, a company can manage its data more securely.
Admittedly, this is where archTIS is spruiking its own products, but there are many commercially available data management options.
The right data security technology can let a company apply the proper markings for sensitive documents and data, including dynamic watermarks, and help track where data has been leaked from.
Encryption can even be applied to sensitive documents if certain conditions are met, based on a company’s ABAC policies, with the right tools.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.