Post Online, a UK-based media outlet covering the insurance industry, published a story on how the question of securing company systems against hacking continues to prey on the industry’s mind. In “Hacking: One Step Ahead,” journalist Edward Murray interviewed several experts who provided advice on how organizations can stop unauthorized people from breaking down their digital doors.
Protegrity CEO Suni Munshani was one of these sources. Below are excerpts from the section of the article resulting from Murray’s interview with Munshani.
By not securing the raw data, it is easy for insiders to simply make copies and walk right out of the door with it. Edward Snowden got access to the data he leaked while working as a contractor at the National Security Agency. Similarly, the data breach suffered by Aviva was also perpetrated by employees working within the firm.
Where someone is hacking into the network from the outside, once they get past the perimeter defences, then they have unfettered access to the data if it is not secured in some way.
“The majority of breaches in financial service and other companies happen where greedy, misguided or misdirected employees with the right credentials take it,” says Suni Munshani, chief executive at data security firm Protegrity.
“Companies need to start to recognise that access controls are not the answer. Changing and putting in new firewalls is not the complete answer. Of course, you need to do all that – it is necessary, but not sufficient.”
Looking beyond these types of defences, Munshani says firms need to think about data as a tradable commodity. They need to realise how easily it can be monetised and, therefore, how important it is to secure data in its raw format.
He questions just how many people actually need to see the data in its full form and feels that, for too long, employees have emailed unsecured spreadsheets, data repositories and files without any care over who has access to their contents along the way. In most cases, even the end recipient can use the data without seeing it in its entirety.
“At Protegrity we secure the data and give each data element a full set of characteristics,” explains Munshani. “Policies make determinations on what happens to the data and which users have access to it – even if they are managing the data. They can do their job, but they cannot get access to the data itself.”
This approach does not restrict a company’s ability to analyse the data, create management information and mine it for cross-selling opportunities or use it for marketing purposes. It does, however, stop large numbers of people having easy access to unsecured data unnecessarily.