CYBERSECURITY
GET THE MOST VALUE FOR YOUR CYBERBUCK
As agencies grapple with limited budgets and evolving threats, making the right
decisions is crucial.
BRENT HANSEN
SR. DIRECTOR OF SOLUTION ARCHITECTS, THALES E-SECURITY
COMPLYING WITH federal mandates such as FISMA and the recent Executive Order on Cybersecurity
is critical, but ensuring compliance is just the first step toward truly
bolstering security. It doesn’t guarantee
your systems are secure. According to the latest Thales Data Threat Report, federal government agencies experienced the second- highest number of successful data breaches of any industry sector (behind retail) in the past year, despite complying with cybersecurity mandates. Clearly, government agencies have to do more to improve their security posture. Unfortunately, limited budgets and access to relatively few skilled security personnel often hold them back.
To ensure the protection of critical data, agencies should prioritize proven technologies that also provide the best value. Does this sound like a fantasy? It’s not. In most cases, they’ll get the biggest bang for their buck by encrypting data at rest.
Dollar for dollar, encrypting data at rest
is the most effective control money can
buy. After all, what hackers really want is data. And in most cases, cyber thieves are going after data at rest, not data in motion. Encrypting data at rest is especially helpful in defending against insider threats—both malicious insiders who work at or for an agency and hackers who find a way inside
the network, where they essentially become malicious insiders. Once hackers infiltrate a network, they can elevate privileges and move from system to system, creating additional accounts and accessing and copying data along the way.
Insider threats are typically very difficult to protect against. True protection requires prevent- ing insiders from being able to read or copy data, while continuing to empower legitimate users to perform their tasks. It’s a tricky issue.
The most effective way to protect data through encryption is with technology that wraps data in access controls. This helps agency security personnel lock down data access not only to specific users, but to processes or services. With this technology, security personnel can add a signature to
data that specifies nobody can touch it unless they meet certain criteria, such as a specific application run by a specific service account. At the same time, security personnel can build in permission for qualified users to access the data, but prevent them from decrypting that data. This helps administrators do their jobs without putting the data at risk.
This level of granular control not only protects data from malicious actors, it also provides the insight agencies need to become more proactive over time. Administrators can access detailed metrics, such as the number of attempts made during the past 30 days to access data, which administrative credentials were used to try to gain access, and whether any attempts were successful. With this type of information, agencies can take action to further fine-tune their cybersecurity posture.
When it comes to keeping government information and systems secure, it’s about balancing security requirements, budget, and available human resources. Agencies that spend 70 percent of their budget on a firewall that only provides 40 percent protection are not making an efficient use of resources. Agencies are much better off spending 30 percent of their budget on encryption offering 90 percent protection.
By taking this approach, agencies have the option of using the rest of their budget to fill in the gaps with other cybersecurity technologies. Sounds like a win all around.
Brent Hansen is senior director of solution architects at Thales e-Security.
SPONSORED CONTENT
S-16