By Sonit Jain , CEO of GajShield Infotech
Early 2020 hit us with COVID-19 Pandemic, forcing us to announce an emergency lockdown. This was to impact all business by stalling their business operations completely. However, we live in 2020, an age which is driven by technology that has already transformed us from using physical files and paper to complete digital infrastructure to store business-critical data, some on-premises and on the cloud. The challenge was to keep the operation running under the stricter government guidelines on operating with a minimum staff capacity and then switch to a completely remote working culture, which has now become the new normal.
While most of the enterprises seamlessly switched to a remote working environment due to their existing infrastructure that allowed ease in accessing data and working remotely, many struggled with permitting secured remote access to these business-critical data to their employees. Few enterprises used various cloud storage and file-sharing platforms for accessing data while physical meetings also became virtual and events became webinars.
These technologies, while they enabled the ability for enterprises to work remotely and help continue business operations, this overnight switch and a rushed implementation exposed a major loophole in their data security, caused majorly because of the lack of visibility on both the remote employees’ activities and the inability to understand data’s criticality, its usage and other contextual information to prevent both intentional and unintentional data exploitation. Moreover, the enterprise didn’t have any control over the use of malicious applications, platform, incoming threats that pose as a threat to use these remote users as the gateway to enterprises’ network, opening a larger challenge in ensuring data security right with the remote workforce.
Negating these challenges can be difficult by holding on to the older security approach, the impact of which we saw in the recent data breaches faced by Spotify, Big Basket, Upstox etc. This new work infrastructure demands for a more robust and purpose-built security solution with a newer approach to security, such as the Data Security Approach. It keeps data at the centre of all its initiatives, covers enterprise’s SaaS/Cloud application platforms and brings the remote/WFH users under the security infrastructure to prevent intentional/unintentional, internal and external data exploitation while protecting from network threats, keeping us ready for the future.
Let’s look at how the Data Security approach will change the way we look at data security, not only in the current work infrastructure but also ensure data security in the future to come. It begins with breaking down each data transaction and strip it down to the data level and identify various parameters, deeper than just traditional layer 7 to identify the data, its criticality, nature, the platform in use, user and other information using deep visibility. This ability to deep dive into the data level information allows an enterprise to setup policies at a granular level for better data security enabling Allowing enterprises to eliminate false positives, it accurately identifying anomalies and outliers to prevent intentional and accidental data exploitation.
The Data Security Approach allows to eliminate shadow IT issues by restricting the use of business-critical data over an application that poses threat to enterprise’s data and if allowed, it keeps a complete log on all outgoing data from the enterprise. Its ability to deep dive in various context allows to restricts the use of personal accounts for business use and vice-a-versa.
With remote working being here to stay for a while, the enterprise’s remote workforce must be well monitored and their activities must be controlled to mitigate the risk of these remote devices turning into a threat vector. This is to be done by ensuring enterprise move towards a Zero Trust security architecture, ensuring that access to application and data is related to only those users who require it. When employees are working from home, it is difficult to control from which device they are accessing the corporate network for which BYOD policies have to be well defined so that only company-provided devices are used to access critical data and other devices are limited to non-critical or public information only. Security needs to be also enhanced by bringing the remote workforce under the enterprise’s security infrastructure by using a simple yet powerful remote working solution that enforces complete web traffic through the enterprise’s security infrastructure irrespective of the ISP type and implements data security policies on them preventing data leak by these users while also saving them from external web-based threats.