Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

How treating important data like a military secret can improve overall data security

Earlier this month, Australian data security company archTIS published a fascinating blog post on how to keep intellectual property and military secrets secure, especially from insiders with malicious intent.

user icon David Hollingworth
Fri, 27 Jan 2023
How treating important data like a military secret can improve overall data security
expand image

It’s a fascinating read in its own right, but the concepts can be applied to any company. If companies treated all of their data — especially personal data — like it was essential IP or highly classified information, data breaches could be less frequent and less damaging.

Here are three takeaways from the blog that any company should consider.

Ask yourself who has access to your data

============
============

Companies should run through a checklist of questions to make sure the right people are accessing the right data, and using it as intended. Getting the answers to these questions can help a company apply the right security measures.

  1. Where is your data stored?
  2. How sensitive is it, and do any regulations (such as GDPR compliance) apply to it?
  3. If it is sensitive, is it properly flagged as such, via headers or other labels?
  4. Who can access the data, and should access be more limited?
  5. Can that data be easily shared or edited?
  6. Who can it be shared with, and how can it be shared? Do you need more restrictions in place?

Take a zero-trust approach to everything

The key principle here is “never trust, always verify”. Every user in an organisation, whether internal or external, should be continuously verified and authenticated, and the best way to do this is by using attribute-based access control.

Depending on the attributes of data, its users, and the environment the data is being used in, companies can set up highly granular and adaptable security policies.

To quote archTIS, “Using ABAC, organisations can granularly micro-segment access to individual data assets based on user (e.g. country, clearance, nationality), environmental (e.g. device, location, IP), and data attributes (e.g. sensitivity, classification).”

It’s not just about access

With ABAC policies in place, a company can manage its data more securely.

Admittedly, this is where archTIS is spruiking its own products, but there are many commercially available data management options.

The right data security technology can let a company apply the proper markings for sensitive documents and data, including dynamic watermarks, and help track where data has been leaked from.

Encryption can even be applied to sensitive documents if certain conditions are met, based on a company’s ABAC policies, with the right tools.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.