If you have a teenager, you’ve probably heard the phrase, “T.M.I.” It’s an acronym for “too much information,” and in my home it’s a signal that I’m supplying far more information than what’s needed. It is also a major reason why information security is becoming much more difficult for enterprises today. Quite simply, organizations are drowning in the amount of data they collect. And though it’s counter-intuitive, I submit that for better security, less is more.
Just consider how many things are done through some kind of computer or digital device. Cloud and near-universal mobility are fueling an extreme escalation of real-world processes into digital. The responsibility to secure all this digital data falls to us in the security field. And right now, we are failing because we are making the wrong decisions when it comes to data security.
Years ago, we in enterprise security had the advantage. There were clear boundaries. Perimeters that were relatively easy to map and defend. We could ensure security with external connections and firewalls. But that scenario is the antithesis of what we deal with today.
Today, everything is fluid. There are no hard boundaries or clearly defined perimeters. Cloud is constantly allowing new ways to deliver anything to do with data. To be effective, security needs to be flexible and very agile. It needs to address the huge number of decisions organizations need to make on a daily basis. Decisions that have to be made as fast as possible and constantly altered and modified. Decisions that must be applied to the collected data to transform it into actionable data.
So now, the question really becomes: What kinds of data do organizations like yours need to start collecting so you can process for actionable data?
Collect Everything. Secure Nothing.
For many years, our focus was on collecting every piece of data in our network flows. The idea was that this would allow us to analyze and protect more effectively. It sounds good in theory. But despite the fact that we collect all of this data, there are data breaches every single day – more than 6500 in 2018 alone, according to a recent report.
Why do we miss data threats when we collect every piece of that data? We miss them because the amount of data we collect is too large, too diverse and too complex. Security people and organizations get so caught up in collecting so much data that they can’t do anything with it. They just don’t have the budget, people or resources.
So, what is actionable data for security?
As someone who has been on the front-lines of data security for more than 20 years, I believe I know the answer. And again, it has to do with how IT security is evolving and transforming. Bottom line, IT security was, and to a great extent, still is, networking security. From that subset came the set of security tools we are all familiar with -- firewalls, VPNs, SIEMs, and so on. All are built around applying security policies to IP addresses. That made sense in an era of static network environments. But today, that doesn’t work at all.
Funnel for Actionable Data.
I submit that the problem we face is that we don’t know what we’re targeting, so in response we collect everything. The focus today is all about the data or information pipeline. It’s all about how I am collecting all this data, the quadrillions of bytes from so many different sources and places. I admit that’s cool to talk about -- but it’s not getting you and your organization to actionable data.
What we need is not a data pipeline but a data funnel in which we take data and then funnel it into actionable data. Today, we are too preoccupied with collecting data. What we should be preoccupied with is extracting data to collect actionable data.
I realize I am targeting a couple of sacred cows of security. The first of these sacred cows is that networking guys still want to do security the way they have always done it: they want to build data security around IP addresses. That was once both easy and effective. But today, an IP address is useless for security. To improve security, you need to build around user identity. The focus needs to be on what the users do with your data.
The second sacred cow that needs to be eliminated from the security conversation is collecting data for data’s sake. Focus instead on the funnel, not on the pipeline. Extraction is the goal, not collection. Don’t collect network information for security purposes. Focus on the identity of the user and classify your data so that you can monitor and track it in real time – that combination provides a tremendous tool for creating your funnel – and allows for vastly improved data analytics.
By shifting to an identity-centric, data classification approach, your organization will be able to do more, and better, security with less data. It will allow you to make security decisions faster and more effectively. And by focusing on extracting rather than just collecting information, you will lower your overall security costs. I know it sounds counter-intuitive, but the only right way to do data security in our digital age is to do it smart – and not by collecting too much data. I assure you that if we do, we can transform the present state of data security.
Symantec is the only security vendor today that can deliver an identity-centric, data classification approach across all your digital communication channels. I invite you to learn more by contacting your Symantec representative or by visiting the links below:
As mobile and cloud computing redefines network security, Symantec’s approach to Zero Trust offers the greatest visibility into who is accessing your data, on premises and in the cloud