How to Implement a Data-First Approach to Cybersecurity

Apr 15, 2022 | Cybersecurity, Network Security

Employees with smartphones, tablets, and laptops can access more data from on-premises and cloud stores anywhere in the world. The security perimeter is considerably less well defined, and endpoints are interchangeable; nowadays, very little data “lives” only on your phone or laptop. The shift to a digital world has overturned the conventional security paradigm, which focused on the edges and inner endpoints. Instead of working from the outside in, organizations are focusing on data-first cybersecurity.

Data security is both simple and complex. What makes data protection seem so straightforward?


If you can answer “yes” to these three questions, and you can say “yes” again and again, your data is secure:

  1. Do you know where your most vital data is kept?
  2. Are you sure that only the right people have access to it?
  3. Do you know if they are using data correctly?


The three basic data protection dimensions are importance, accessibility, and usage.


If you work in IT or information security, you already know that comprehending these factors isn’t simple.


If you can’t answer “yes” to these questions, they’ll lead to further queries with serious consequences for CISOs, compliance officials, boardrooms, and investors. Questions such as “where are our sensitive and regulated data?” are common examples of this type of inquiry.


The solutions don’t seem to get any simpler as data continues to mount on-prem and in the cloud, with applications and data stores each having their own security models.


Where Should You Put Your Data?


The number of places we can store data has increased dramatically in recent years, and it’s increasingly common for users to access their information from numerous devices and endpoints.


In today’s world, many businesses use a mix of cloud apps and infrastructure to complement their on-premises IT.


Cybersecurity Guide: Storing Your Important Data

Even in the world of approved apps, the attack surface is huge and complex to understand and evaluate in terms of risk. As a result, certain businesses have chosen to concentrate their efforts by instructing staff to tag files or using automation to identify or categorize regulated or sensitive data in order to prioritize data security efforts.


The idea of breaking a large issue into smaller parts seems logical, but even the tiniest components may be overwhelming when the problem has gotten this big. The majority of businesses are shocked by the number of confidential papers and records they uncover. There are hundreds, if not thousands, of files here, tens of thousands there, and the list will vary.


Those who come to this situation without a firm plan of action may get hung up over what to do next. Some people might choose an aggressive approach, such as relocating everything they discover and erasing everything else, or encrypting everything so that only a select few have access to it.


Organizations are increasingly aware of the various forms of data breaches, and multiple technologies have emerged to help secure data. Rather than zeroing in on a single method or technology, organizations should consider all available options and select the one that is most suitable for their particular situation.


To verify whether access is correct for any data, sensitive or otherwise, you must first discover who has access to it — which is frequently harder than people believe, especially in the cloud.


Who Has Access to Your Data?

Without a framework for understanding what data is controlled or sensitive, organizations are CHOOSING to give access. What may come as a surprise is how difficult it can be to identify who has access in the first place.


Permissions or access control lists are used to grant access to data. While the underlying concepts are quite similar across applications and data stores, the implementations vary considerably. Even if the permissions mostly fall into categories such as creating, reading, modifying, deleting, or sharing information, each application defines those capabilities differently.


Finally, the calculations involved in determining effective rights for a specific object or user can be very sophisticated and vary greatly from data store to data store. Object-specific permissions, group relationships, hierarchy inheritance, roles and role hierarchies, and other system-wide settings may add to the complexity.


All of these details and functional relationships must be normalized across data stores and applications in order to comprehend each user’s access permissions correctly. Determining who has access to data is a practically impossible task without this kind of automation. It also hampers other routine activities such as incident response, diagnosis, and audit reporting.
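As an added illustration (not code from the original article), the sketch below normalizes two constructed permission models, a file share with nested groups and folder inheritance and a cloud app with role bindings, into one create/read/modify/delete/share vocabulary and computes each user's effective access. All users, groups, paths, rights and role names are hypothetical.

```python
# Constructed sample data (hypothetical names). NORMALIZE maps each store's native right or role
# onto one shared vocabulary.
GROUPS = {"finance": {"alice", "payroll"}, "payroll": {"bob"}}  # payroll is nested
ALL = {"create", "read", "modify", "delete", "share"}
NORMALIZE = {
    "fileshare": {"Read": {"read"}, "Modify": ALL - {"share"}, "FullControl": ALL},
    "cloudapp": {"viewer": {"read"}, "editor": {"create", "read", "modify"}, "owner": ALL},
}
# File share ACLs flow down the tree unless inheritance is broken; cloud bindings are flat.
FILESHARE = {
    "/finance": {"inherit": True, "acl": [("finance", "Read")]},
    "/finance/payroll": {"inherit": False, "acl": [("payroll", "FullControl")]},
    "/finance/reports": {"inherit": True, "acl": [("alice", "Modify")]},
}
CLOUDAPP = {"q3-forecast": [("finance", "editor"), ("carol", "owner")]}

def members(group, seen=None):
    """Expand nested groups into a set of users; `seen` guards against cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for m in GROUPS.get(group, ()):
        users |= members(m, seen) if m in GROUPS else {m}
    return users

def fileshare_entries(path):
    """Collect ACL entries from the object up to the root, stopping at broken inheritance."""
    entries = []
    while path:
        node = FILESHARE.get(path, {"inherit": True, "acl": []})
        entries += node["acl"]
        if not node["inherit"]:
            break
        path = path.rsplit("/", 1)[0]
    return entries

def effective_access(user):
    """Return {(store, object): normalized rights} for one user across both stores."""
    grants = [("fileshare", p, fileshare_entries(p)) for p in FILESHARE]
    grants += [("cloudapp", obj, acl) for obj, acl in CLOUDAPP.items()]
    result = {}
    for store, obj, entries in grants:
        rights = set()
        for principal, native in entries:
            if principal == user or user in members(principal):
                rights |= NORMALIZE[store][native]
        if rights:
            result[(store, obj)] = rights
    return result
```

In this data, alice belongs to finance but gets nothing on `/finance/payroll` because inheritance is broken there, while bob reaches it only through the nested payroll group.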


Understanding Access Activity vs Permissions


Understanding access activity is not any easier than understanding permissions. There are several sorts of events that are related to data security specifically, including:


  • Data access events – users creating, reading, changing/updating, deleting, or sharing data in a data store such as a database. Users who access the data must have permission to do so.
  • Access control changes and configuration changes – There are several concerns that can arise when data is stored on a central server, impacting the accessibility of data.
  • Authentication events – which users connected to the data store, from where, and with what sort of authentication (e.g. single or multi-factor).
  • Perimeter events – activity from DNS, VPN gateways, and proxies, examined for insight into unusual connections.


Because data stores and applications describe these events so differently, it’s tough to give answers that apply across all of them.

If one or more of the three dimensions – sensitivity, permissions, or activity – isn’t correct, your security will be ineffective.


If you only have the activity dimension and not the sensitivity or permission dimensions, you may be able to tell what data has been accessed after a breach. You may be able to tell whether any data was taken, but you won’t know how sensitive it is, who else had access to it, or whether it was exposed incorrectly in the first place.
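The sketch below is an added example, not part of the original article: it joins the three dimensions for a compromised account, so that each object the account touched is reported with its sensitivity label, who else holds access, and which of those permissions were never exercised. Every object, user and label is constructed, and permissions are assumed to be already normalized.

```python
from collections import defaultdict

# Constructed sample data; every object, user and label below is hypothetical.
SENSITIVITY = {"/finance/payroll.xlsx": "regulated", "/finance/budget.xlsx": "internal"}
PERMISSIONS = {  # object -> {user: normalized rights}
    "/finance/payroll.xlsx": {"bob": {"read", "modify"}, "alice": {"read"}, "dave": {"read"}},
    "/finance/budget.xlsx": {"bob": {"read"}, "alice": {"read", "modify"}},
    "/tmp/export.csv": {"bob": {"read", "modify"}},
}
EVENTS = [  # (user, object, action) as they would come from access logs
    ("bob", "/finance/payroll.xlsx", "read"),
    ("bob", "/tmp/export.csv", "modify"),
    ("alice", "/finance/payroll.xlsx", "read"),
    ("alice", "/finance/budget.xlsx", "modify"),
    ("bob", "/finance/payroll.xlsx", "modify"),
]


def breach_report(compromised_user):
    """For each object the account touched, join activity with sensitivity and permissions."""
    actions, active = defaultdict(list), defaultdict(set)
    for user, obj, action in EVENTS:
        active[obj].add(user)
        if user == compromised_user:
            actions[obj].append(action)
    report = []
    for obj in sorted(actions):
        holders = set(PERMISSIONS.get(obj, {})) - {compromised_user}
        report.append({
            "object": obj,
            # A missing label is reported as a gap, not assumed to be harmless.
            "sensitivity": SENSITIVITY.get(obj, "unclassified"),
            "actions": actions[obj],
            "others_with_access": sorted(holders),
            # Permission held but never exercised: a candidate for over-exposure.
            "unused_access": sorted(holders - active[obj]),
        })
    return report
```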


Each of these elements is required to ensure secure data protection across all of these dimensions.