This post is co-authored with Patrick Sweeney, Executive Director, Product Management, Dell SonicWall.
Last week, everyone, (including us) was talking about data breaches, as the Verizon 2012 Data Breach Investigations Report had just been released. Data is often top of mind in security because it represents all that is valuable ─ customer details, intellectual property, finances, etc. Additionally, as we know, data comes in many forms, from structured data in databases to unstructured formats like a pdf scan. It’s a pretty broad topic, for sure, and it deservedly garners a great deal of our attention. That said, we’d like to offer some tips on how to secure your organization from risk and prevent future threats.
How to combat security threats:
- Adopt a “least privilege” security posture that gives each employee the least privilege necessary to accomplish required tasks, and ensures that unnecessary access rights are revoked whenever an employee changes roles. Some of the most common implementation options to help get to a least privilege state include: assigning appropriate access directly to users based on well-defined roles, limiting access to administrator and/or root accounts – making sure that the passwords to these accounts are not shared, are changed frequently, and that there are controls in place to limit and track their use.
- Embrace an access review policy and regular, automated access alerts that notify two or more administrators of access changes, employee changes or other critical issues. To prevent access creep, access privileges must be dynamically linked to human resources and staffing databases. Notifying more than one administrator helps overcome negligence.
- Lock the front door by fostering education, encouraging diligence, and developing processes such as regularly changed passwords. Employee education can cover the logistics and basics of security, but also can address topics such as the psychology and known techniques of social engineering hacks.
- Achieve compliance by implementing access control and separation of duties practices and technologies, and developing, implementing, and enforcing secure policy on all system access.
Dell’s Connected Security solutions enable businesses to connect and share intelligence across the entire enterprise to make sure all employees have only the access they need to do their jobs – and nothing more.