How to Do InfoSec When Your Tools Do InfraSec

Ravi Ithal is a co-founder and Chief Technology Officer at Normalyze, a data-first cloud security provider for the digital enterprise.


Alas, it’s a lesson still to be learned by some organizations that try to fight off attacks on sensitive data with tools intended to secure IT infrastructure. Data poses unique risks, and tools for InfraSec are not primed for InfoSec. The term InfoSec refers to the protection of information (the data) that resides in an organization's IT infrastructure.

InfraSec tools tell you what the enterprise environment consists of in terms of devices and software, plus identities with related access rights. Without InfraSec tools, security teams would be completely in the dark about critical vulnerabilities looming... in the infrastructure.

Take note: The security data revealed to teams by InfraSec point tools might provide vague clues on the security posture of some sensitive data, but InfoSec is not their focus. We’ve previously described specific risks for sensitive data, such as its rapid proliferation in modern environments and how easy it is to lose track of sensitive data stores. Let’s consider reasons why InfraSec tools fall short of data security.

How InfraSec Tools Fall Short For Data Security

There are many tools for doing InfraSec, and it’s easy to get lost in a variety of their point purposes. InfoSec teams should begin asking hard questions about how well InfraSec tools are meeting their direct needs for protecting sensitive data.

Configuration management database system (CMDB): This tool is a database of information about an organization’s hardware and software assets.


The related population of the CMDB, it may also help teams to understand the business importance of particular assets, which helps determine risk posture and accelerates remediation processes. CMDBs, however, are utterly unaware of the existence of sensitive data inside data stores.

This tool looks through an organization’s network, communications equipment, connected devices, applications, and APIs to detect and classify weak points that could be exploited by an attacker.

Vulnerability scans can also function inside a cloud environment and determine if workloads have potential weaknesses. For doing InfoSec, however, a vulnerability scanner alone will not inform teams about how the threats affect sensitive data tucked inside a myriad of cloud data stores one or more hops away from where the vulnerabilities themselves reside.

IAM tools fall short for InfoSec because the possible permutations of access and data types are too many to analyze, compare and prioritize. Moreover, if the IAM tool is unaware of the location of sensitive data, it cannot directly assist InfoSec teams in doing their job.

Cloud security posture management (CSPM): This InfraSec tool identifies misconfiguration and compliance issues in cloud environments.

It just makes your team work harder than necessary to discover, classify and protect sensitive data at risk. The last thing an InfoSec team needs is more alerts and noise. Your InfoSec tools should be purpose-built for finding and protecting sensitive data.


• Discovery of where sensitive data resides in your organization’s cloud environment.

• Classification of all data to inform teams which data are at risk or must meet compliance mandates.

• Access management for sensitive data wherever it resides in the cloud.

• Risk and vulnerability management for all paths leading to sensitive data.

• Compliance support for all instances of sensitive or protected data.

Like Sean Connery said: Don’t bring a knife to a gunfight! The practical lesson here for InfoSec is to never let your guard down in protecting the organization’s sensitive data. Your team may think it has the best tools or maybe hopes its InfraSec tools will keep InfoSec in good shape, but when attackers strike for your sensitive data, you’d better be sure your organization has the right tool purpose-built for InfoSec.

