Article by Dragan Petkovic, Security Product Leader ECEMEA at Oracle.
Privacy of data remains one of the most vulnerable resources and the requirement to protect personal data is only intensifying with the likes of the GDPR and PoPI Act coming into effect. We are likely to see steep fines being imposed during the second half of the year as a result of a loss of personal data through the GDPR.
Well-run companies realise that there is no such thing as a hundred percent security, but still apply prudent measures to protect their data. While perimeter security is as important as always, additional resources are required to protect data closer to the source.
Organisations on their journey to the cloud understand that while the cloud takes some of the network and infrastructure security headaches away, the responsibility model for security is shared. Cloud Access Security Brokers (CASB) are mandatory in planning cloud security posture. Practise security inside-out and build security in every layer of your IT.
Encryption a quick win to protect confidential data
Encryption is one of the easiest technical controls to implement and a number of organisations opt for it as a quick win since it requires minimum human intervention. It has been used for decades and it leaves me speechless that some organisations are still not using it to protect their confidential data. Oracle has made big efforts to make its encryption solutions transparent to implement with no or minimum overhead.
To combat modern security threats, many enterprises are turning to security solutions that leverage user behaviour analytics (UBA). By analysing user behaviour and forming a baseline definition of normal, these solutions can notify IT administrators when deviations occur.
Understanding user behaviour
Traditional security measures based on protocol analysis and virus signatures continue to be part of every enterprise’s defence system. However, these solutions are more applicable to legacy threats than the modern ones designed to target specific enterprises. Traditional solutions alone simply cannot keep up with the sophistication of today’s attacks and hackers, nor can they cope with savvy users who, for the sake of productivity and convenience, often attempt to bypass existing security measures and company policies.
Traditional security measures also do very little to detect internal threats, which are becoming an increasing concern for many enterprises. To improve security for both cloud services and traditional IT, many enterprises are implementing security solutions that analyse user behaviour. Rather than focusing solely on quickly identifying attack objects such as viruses and malware or beating the hackers to the punch with early discovery of vulnerabilities in operating systems or browsers, these UBA solutions focus analysis on actions performed by particular users, forming a baseline of normal behaviour and continuously monitoring for deviations from the accepted norm.
With security at the core of the modern organisation; good governance for managing systems and people effectively is critical, while strong authentication and encryption become a necessity.