Securing the data pores of an organization with dynamic approaches

Data security today has become of crucial concern. The complications are adding up with further digitization, since several applications make up an organisation’s structure. These companies offer some unique solutions.

According to cybersecurity company Trend Micro, 73% of organizations in India report they are likely to experience a data breach that impacts customer data in the next 12 months. Indian organizations ranked the top three negative consequences of an attack as lost IP, critical infrastructure damage/disruption, and cost of outside consultants and experts.

“Once again we’ve found plenty to keep CISOs awake at night, from operational and infrastructure risks to data protection, threat activity and human-shaped challenges,” said Vijendra Katiyar, Country Manager, India and SAARC, Trend Micro.

“To lower cyber risk, organizations must be better prepared by going back to basics, identifying the critical data most at risk, focusing on the threats that matter most to their business, and delivering multi-layered protection from comprehensive, connected platforms.”

Multi-layered is the key word here, with an organizational structure containing different nodes of inlets and outlets in the form of applications, cloud, etc.

The 5A Methodology for IAM

As communication between various entities within as well as outside an organization becomes digitized, layers of entry and exit points crop up within every structure. This in turn creates a need for securing these entries and exits.

Recently, CMS IT Services came out with a White Paper on following the five As of Identity and Access Management (IAM), namely, assurance, authentication, administration, automation, and analytics.

“Thinking of IAM as a 5A methodology presents it as offering a comprehensive suite of solutions for the whole expanse of areas and entities that are the business of a contemporary business,” the white paper says.

Policy Based Management for Cloud Security

Cloud is a particularly vulnerable area in business organizations as container breaches threaten every day. In 2018 and 2019 exposed breaches caused by cloud misconfigurations resulted in nearly 33.4 billion records in total.

According to the Ponemon Institute’s 2019 report, the average cost per lost record globally is $150. Multiplied by the number of records exposed, misconfigurations cost companies worldwide nearly $5 trillion in 2018 and 2019 alone.

As containers are created rapidly, the growing demands placed upon developers often leaves a security gap that exposes potential threats and risks in the configuration settings. As enterprises accelerate their adoption of cloud technologies, several companies provide the essential method with native tools and language to secure containers for enterprises deploying resources in cloud environments.

For example, Nirmata, a software solutions provider for governance, compliance, security, and automation of production Kubernetes workloads and clusters has created Kyverno, a policy engine designed for Kubernetes.

Nirmata’s mission is to enable the automated management of cloud native applications in an infrastructure agnostic manner. To achieve this, they insist, policy-based management is critical for achieving autonomy across roles while keeping alignment to organizational goals and standards. The company recently raised US $4 million led by Z5 Capital with participation from Uncorrelated Ventures, Samsung Next, and BGV.

A Frictionless API-Based Cloud-Native Approach

In a similar example, McAfee recently announced that MVISION Cloud, part of its secure access service edge (SASE) offering, MVISION Unified Cloud Edge (UCE), now provides enhanced security coverage for Microsoft Dynamics 365, a line of enterprise resource planning and CRM software applications.

This solution complements Dynamics 365 capabilities by using a frictionless API-based cloud-native approach that allows IT teams to seamlessly enforce data loss prevention (DLP) policies and collaboration controls, access control, address threats from insiders and compromised accounts, audit all user activity and secure corporate data as users collaborate in the cloud.

McAfee is one of the only cloud access security broker (CASB) vendor who has released API-integrated enterprise data and threat protection capabilities for Dynamics 365, providing enterprise users with an added layer of security, visibility and control.