Here are three key strategies to help you simplify and strengthen the security posture of your organization.
01
Rewind From Ransomware Attacks With Continuous Data Protection
It’s Like Autosave
For Enterprise Data
With ransomware attacks on the rise, organizations are responding by focusing more intently on data recovery. One way to protect against attacks is to take periodic snapshots of your data so that in the event of a breach, you can rewind to your last saved snapshot within minutes. But even this might not be enough to protect you from data loss.
James recommends an even more granular strategy, continuous data protection, in which always-on encrypted backups of data allow organizations to restore stolen data almost immediately.
The difference between minutes and seconds might not seem consequential, but enterprises often have tens of thousands of employees and customers adding data to systems. Within seconds, organizations risk losing critical data points and business intelligence insights. For industries like finance and healthcare that have additional regulations and security considerations, each second carries cumulative risk.
50% of organizations have suffered an unrecoverable data event in the past three years
— IDC Infobyte, April 2021
James says that organizations must adopt secure and flexible technologies that facilitate continuous data protection everywhere their data is located—in the public cloud, on-premises or in hybrid cloud environments. The open and secure edge-to-cloud platform HPE GreenLake has built-in continuous data protection capabilities, ensuring backup data is secure.
02
Getting Pinged With Access Codes Is A Key Component
Require Users To Prove Their
Identity Every Time With A
Zero Trust Framework
Request a code. Enter the code. Gain access.
Needing to continually verify your identity to view data can feel like a chore. But for security professionals, trusting no one is an effective way to help prevent breaches and uncover successful attacks earlier.
The zero trust framework is a modern approach to security that defaults to a state of restricted data access. Each individual must authenticate every time they access systems, and that access is provided selectively, with limitations based on factors like role, location or even a point in time.
James says the idea of zero trust starts with the questions, “Do you really need access to this? And can you prove that to me?” If the answers are yes, then access is granted, time-bound, automated and logged. It can just as easily be reversed.
When companies make the shift to zero trust, they need to first understand the full scope of their data and systems. James suggests first evaluating your most important, high-risk assets.
Zero trust should ultimately simplify your security approach. When you have full visibility into all the ways people can access your data, you can ensure that all of your assets are secure. The upshot is spending less time responding to vulnerabilities and more time finding business opportunities.
“
There are so many ways in which people can find their way into your business, whether it's through your employees, your contractors, your supply chain, your vendors in particular—even your own customers.”
Sunil James, Vice President, Software Engineering, HPE
03
Meet Regularly With A Range
Of Stakeholders
To truly balance access and security, policies governing who can access what data can’t be made in silos. Decisions about access and automation should involve multiple stakeholders, including tech leaders, the executive team and line of business heads.
Stakeholders should meet regularly—quarterly or monthly, depending on business needs—to assess existing policies and areas where they can improve.
“Businesses evolve every day, right? Customers evolve, the security landscape evolves, what we think might be important evolves,” James explains. “It has to be a mode of operation where you are trying to, as continuously as possible, understand and assess and then make decisions.”
Collaborate On Policy To Decide Who Can Access What Data
Collaboration Checklist
While technology is critical to the security strategy, it's ultimately your people who determine how that strategy changes to best meet the needs of your business. For a unified security strategy to work, leaders must consider the full scope of their business—their people, processes and technology.
Reducing complexity and closing security gaps across the enterprise opens up more room for innovation, insights and new opportunities. Ready to unify your data across all your systems, devices and edges? Explore HPE GreenLake, the open and secure edge-to-cloud platform.
Audit and review your list of critical data assets
Create a committee comprising a range of stakeholders
Meet regularly to assess and refine security policies
