With the advent of collaborative platforms, shadow IT, file shares, and other business applications, content is increasingly entropic and difficult to secure.
Given the sprawl, organizations tend to put a great many resources toward protecting the network endpoint. It’s increasingly apparent, however, that this is insufficient in preventing external attacks. In a 2015 CyberEdge Defense report, 70% of respondents’ networks had been breached in 2014 — up from 62% in 2013, despite a substantial increase in endpoint spending.
This truth, paired with escalating internal threats, has effectively forced organizations to face the reality the data loss WILL happen; 52% of respondents in the CyberEdge survey felt that a successful cyber-attack against their network would occur within the year. Yet, 67% of organizations still intend to either augment or replace existing products to combat this problem, and this is madness.
Organizations must assume a breach will happen, and new strategies must include comprehensive governance of content within the network. Protecting endpoints was a good and necessary start. Monitoring network behavior and access privileges is the next step up, and organizations do seem to be adopting. Dubbed the ‘detect and respond’ approach, it increases data visibility and swiftly identifies security events.
However, it’s still reactive in nature. Damage is done in an instant, and reactive approaches fall short in the modern cybersecurity paradigm. As Jake Frazier, senior managing director at FTI Consulting, explains, “the work you do before the breach is most everything you can rely on. Once the breach happens, it's really difficult to maneuver.” Too much content is available after a security threat is detected.
So, take the content out of the game.
As permitted, take content—especially that which is sensitive—off of front-end employee facing applications. Consolidate and secure it on a governance platform that provides the functionality needed to use the content through its lifecycle. Keep the content available when it’s needed, but do so in a way where it’s not sitting on a silver platter when a breach inevitably happens.
It comes down to making the extra effort and spending a little now, or getting burned later. Larry Ponemon, chairman and founder of the Ponemon Institute, put it simply: “without appropriate information governance structures in place, companies risk their high value knowledge assets being targeted by these attacks, a cost perhaps far higher than that of protecting the data to begin with.”