Trust is the lifeblood of customer confidence and the foundation to build a solid brand reputation. In recent times, organisations have experienced dramatic digital transformations against an emerging threat landscape, writes Bernd Achatz, Director Systems Engineering, F5 Networks, a security and cloud product company.
During the past year, 4,149 data breaches compromised more than 4.2 billion records, smashing the previous all-time high of around one billion exposed records in 2013 (1). So, what must organisations do to ensure data security and gain customer trust? Data integrity relies on robust security and systems to allow only authorised persons to gain access to services. Control is fundamental to prevent breaches to the network. With the rise of the internet of things (IoT), applications are the most vulnerable assets that need to be protected. Today there are over one billion web apps and by 2020 this number could easily rise to over 5 billion. With new European laws due to take effect in 2018, safeguarding customers' data and sensitive information is vital to remain compliant and avoid major fines.
The growth in mobile devices and cloud-based applications has significantly elevated security risks. Data breaches in 2016 exposed everything from social security numbers to user account log-in names and passwords. Cybercriminals are not operating in a fantasy world. They are motivated by different goals, including hacktivism or illegally acquiring valuable data to sell on the black market.
Data confidentiality spans the collection, transport and destination, whether in the cloud or in an on-premises data centre. To maintain integrity, data must not be changed whilst in transit or altered by an unauthorised person or automated bot. If data becomes corrupted, backups or redundancies must be available.
Effective security solutions protect data within the applications, the primary source of today’s attacks. They deliver visibility into hidden threats and offer the controls needed to manage access and reduce cyber-attacks such as DDoS, application and protocol exploits, identity theft, malware and ransomware. Safeguarding every infrastructure, from traditional data centres to cloud environments, means users can securely access data on any device, in any environment, and at any time. Integrated security tools also enable inspections to ensure valid application interaction across multiple protocols while allowing flexible policy management and user-friendly access control.
Primary controls use sophisticated vulnerability management tools, such as a web application firewall (WAF), to prevent a breach from exploiting data within applications. A WAF gives security professionals sufficient time to block an attack while the development team fixes the code to secure the application and data. No one is immune to attack. RBS discovered businesses accounted for 51pc of reported breaches, surpassing unknown (23.4pc), government (11.7pc), medical (9.2pc), and education (4.7pc).
Many organisations have turned to encryption to communicate between the user and the web application server. Over 70pc of today’s Internet traffic is encrypted and analysts predict that number will continue to rise. With the right security solutions, it is possible to easily manage SSL to deliver better performance and offer full visibility into encrypted traffic to make sure that the infrastructure does not bring malware into the network.
Cloud applications are always connected and a prime target for hackers. Timely identification and elimination of vulnerabilities is critical. The authentication, authorisation and accounting stages help organisations gain control and build stronger data defences. The use of single sign-on (SSO) greatly reduces the chance of credential theft and improves user experience. When an incident occurs, it is imperative for compliance reasons to log all events accurately, including showing that appropriate measures have been taken to recover information or inform stakeholders that data may have been breached.
Doing the right thing is not always easy. Many organisations compromise data security because they are not protecting the right areas of the business. Traditional network perimeters are no longer sufficient to safeguard what really matters. Applications are where data is most accessible and vulnerable.
Protecting enterprise data assets across dozens of applications and hundreds of servers is a complex task for organisations facing audits or offering their applications to broader access. Digital information must be accurate and trustworthy over its entire lifecycle. Data is the new digital currency and application security is the gateway to threat mitigation, innovation, profit and intact business reputations.
(1) This finding comes from the 2016 Data Breach QuickView report, released in 2017 by Risk Based Security (RBS).