Is there any organization with sensitive data that someone else isn’t trying to collect? We create processes, methodologies, and technical know-how. Even if we don’t have secret source code or a cool product with intellectual property, every organization maintains some form of data that needs protection.
Most organizations store data either on-premises, in the cloud, or, more likely these days, in both locations. But do we also consider other locations, such as inside Teams or in personal end-user shared folders? And which of these data stores contains sensitive data we want to protect? And ultimately, who has access to all of it?
Along the entire data life cycle, there is the potential to lose information. Data loss comes in the form of attacks, such as spear phishing and ransomware. It can also be in the form of human mistakes, such as misconfigurations in sharing or in SaaS service settings. It can also be in the form of abnormal requests, such as geolocation access and changes in permissions.
The old methods of conducting risk assessments, vulnerability scanning, and logging access and file attributes (add, remove, delete) no longer suffice when we are not able to track where our data goes after it is created.
To protect data from exposure, we need to map the current environment:
- Data needs to be labeled according to its classification within the organization (e.g., sensitive, proprietary, public).
- User and group permissions need to be allocated.
- We need to monitor the data regardless of where it is (local or remote).
- Reaction to incidents needs to be in real time – we have one shot to protect it.
- We need to track data for Incident Response and Digital Forensics.
To implement a good data protection program, we should also use behavior-based analytics. This means that when something out of the ordinary is performed, it should be recognized and assessed to determine whether it is a one-time event or something that needs to be quickly addressed.
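As an added illustration (not part of the original article or any vendor's tool), the sketch below shows the kind of check behavioral analytics performs, using the abnormal requests mentioned earlier: access from a new geolocation and permission changes. The event format, the sample events, and the `repeat_threshold` cut-off are all assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed sample events (user, action, country); not from a real tenant.
BASELINE = [
    ("alice", "read", "US"), ("alice", "read", "US"), ("alice", "share", "US"),
    ("bob", "read", "DE"), ("bob", "read", "DE"),
]
OBSERVED = [
    ("alice", "read", "BR"),               # access from an unseen location, once
    ("bob", "permission_change", "DE"),    # action bob has never performed
    ("bob", "permission_change", "DE"),
    ("bob", "permission_change", "DE"),
    ("alice", "read", "US"),               # matches alice's normal behavior
]

def build_profile(events):
    """Record which actions and countries are normal for each user."""
    profile = defaultdict(lambda: {"actions": set(), "countries": set()})
    for user, action, country in events:
        profile[user]["actions"].add(action)
        profile[user]["countries"].add(country)
    return profile

def triage(baseline, observed, repeat_threshold=3):
    """Return {(user, action, country): (reason, verdict)} for deviations.

    repeat_threshold is an assumed cut-off: fewer repeats is treated as a
    one-time event, that many or more as something to address quickly.
    """
    profile = build_profile(baseline)
    hits, reasons = Counter(), {}
    for user, action, country in observed:
        known = profile[user]
        if action not in known["actions"]:
            reason = "new_action"
        elif country not in known["countries"]:
            reason = "new_location"
        else:
            continue  # within this user's normal behavior
        hits[(user, action, country)] += 1
        reasons[(user, action, country)] = reason
    return {k: (reasons[k], "address_quickly" if n >= repeat_threshold
                else "one_time_event") for k, n in hits.items()}

if __name__ == "__main__":
    for event, (reason, verdict) in triage(BASELINE, OBSERVED).items():
        print(event, reason, verdict)
```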
One final note: we need the ability to roll back data if we lose it through deletion, corruption, or other sanitization activity.
So how do you track data? You can manually go through your Office 365 and look up users, their rights, and their access to each of the shared areas. This is long and tedious, especially if you have a large number of users or a lot of shared access and locations. Plus, you’ll probably miss something. There are tools out there that will automate this and make your life much easier.
Reach out to me for a discussion on what’s possible.