Protecting what matters

Share this article:
Steve Martino, CISO, vice president, Information Security, Cisco
Steve Martino, CISO, vice president, Information Security, Cisco

As hackers and their tactics become increasingly advanced, well-funded and clever, protecting your organization's most critical data is more important than ever before. Yet not all data requires the same level of security. When thinking about data protection, there is almost never a “one size fits all” solution. Instead, security teams must assess the different security requirements for each type of data that exists within their organizations.

Sensitive data is never easy to manage – it is always more costly, complex and time-consuming than managing data that requires less protection. Unfortunately, the prospect of saving money often creates the temptation to accept lower levels of security for critical data. Best practices can help organizations identify the different categories of data within their networks, and assign custom security levels to each.

Whether it is a database of customer information or valuable intellectual property, an organization's “crown jewels” need to be protected with the most robust security possible. Yet knowing how to identify the different security levels of data in your organization, along with the appropriate level of security needed, can be a challenge.

The best way to understand your organization's data protection needs is to create a data sensitivity pyramid with distinct layers, defining classes of data to which appropriate security measures can be applied. Of course, this is not a new idea – governments and defense agencies have classified their data in a similar way for many years.

As one might expect, a significant majority of all business data – the “80/20 Rule” often applies for many organizations – is relatively uninteresting to external parties and therefore less of a risk if exposed. This base of data forms the data security pyramid, and as such, will not require as much protection as the top 20 percent. Of the 20 percent, a certain proportion will be at the very top of the pyramid as it is truly business-critical – the essential data that needs to be protected with every appropriate resource – ensuring efforts are applied where they are the most productive.

Finding the top critical data is easier said than done. For that, we have to go a bit deeper. For example, technology companies like Cisco typically consider source code to be part of our “crown jewels” data, but not all source codes are equally critical. Open source code is often leveraged and can be available to everyone; some source code that performs generalized functions may be considered proprietary to the company, but are not hard to reproduce with time and talent. However, specialized source code that provides a unique function that differentiates the company from its competitors would absolutely be considered top tier data.

To identify the blocks of intellectual property or customer data that are the most valuable, you need to put yourself in the shoes of your potential adversary. Ask yourself, “If I were a criminal, what could I sell or use? How would I get it?"

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.

Securing the autonomous vehicle

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?

Copyright © 2014 Haymarket Media, Inc. All Rights Reserved
This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions.