Data, and increasingly cloud data, has become the most valuable asset for many organizations, integral to driving business success and critical decisions, as well as improving organization productivity and customer engagement. SaaS platforms in particular are used by companies to cultivate customer relationships, by medical providers to manage patient care, and by government organizations and financial services for mission-critical applications. Because of the growing value of cloud data, protecting it must be a priority for an organization’s information security providers, especially when that data contains sensitive customer, employee, and proprietary information.
Despite these trends, many information security providers continue to concentrate their efforts on perimeter security while failing to dedicate proper attention to protecting digital assets. This “M&M approach” to security - a hard shell and soft center - does not adequately address the greatest risks to your data, which involve loss, corruption, theft, and inaccessibility. The costs and consequences associated with cyber incidents impacting mission-critical data are also growing, with some businesses having to spend millions of dollars to recover from data breaches. And given the renewed global examination of the cyber insurance market, leaving critical data unsecured has additional implications for an organization’s cyber liability policy.
To reduce these risks and costs, information security providers should take a proactive, data-centric approach to protecting and managing the digital equivalent of an organization's crown jewels, helping to prevent and detect problems earlier and to respond and recover faster.
Cyber Insurance Perspective: To guard against the significant impacts and costs of cyber incidents, organizations have historically relied heavily on cyber insurance. However, cyber insurance premiums are rising rapidly, causing a reevaluation of the options to manage risk more cost-effectively and minimize business impact. As the adverse impacts increase, cyber insurers are looking for better ways to assess the cyber risk of their customers. Insurers can gain greater insights into an organization’s risk profile by assessing cyber resiliency and data hygiene, including how the company handles backup, classification, and encryption of sensitive information. This should be a two-way street, however. Organizations seeking cyber liability coverage can actively take steps to implement and demonstrate risk-reduction measures, such as the protection and backup of SaaS data, as a means to smooth the insurance procurement process and, in some cases, reduce insurance premiums.
Reducing risks to SaaS data
Risks to SaaS data are numerous and include database misconfigurations, compromised privileged accounts, human errors, and cyber attacks. These vulnerabilities are why information security professionals need better and faster ways to detect and recover from cyber attacks that cause unauthorized deletion, alteration, and observation of SaaS data.
Maintaining visibility of changes over time, including historical retrospectives, helps organizations determine root causes of problems and track improvements in mitigating risks to SaaS data, including security posture progress and data hygiene improvements. One of the pervasive challenges that information security professionals face is preparing for people making mistakes or taking malicious actions that create cybersecurity nightmares. When an incident impacts cloud data, such as deletion or corruption, information security professionals require a way to rapidly return to a known good state and get back to business.
Proactivity pays off
Organizations that take a proactive, data-centric approach to risk reduction can minimize adverse impacts and experience less business interruption. Being reactive has the obvious disadvantage of providing low visibility into historical events, particularly when an incident goes undetected for months or years. The other challenge of not getting ahead of incidents is that they can disrupt business continuity, and a response after the fact comes too late to prevent data loss or theft. Being reactive is also costly and often requires the expertise of incident response specialists, a service I previously provided to organizations on behalf of cyber insurance underwriters.
Preparing for cyber incidents involves strategic protection and monitoring of critical data, including access control and encryption, ingress and egress filtering, as well as intelligent retention and analysis. Organizations must have contingency plans for SaaS data loss, corruption, and theft, as well as readily accessible backups for business continuity purposes. When these incidents occur, organizations need mechanisms in place, ideally from independent or 3rd-party solutions that would remain unaffected by the incident, to ensure accessibility and restoration of deleted or damaged data to a good state. I’m proud to say that Own customers experience a 47% reduction in time loss due to data loss, and 71% reduction in average data recovery time.
Cyber Insurance Perspective: Cyber liability coverage is increasingly encouraging, and in some cases requiring, robust data protections and rapid data recovery solutions from organizations in order to get coverage. These data-centric security approaches help mitigate the most harmful SaaS data incidents: loss, corruption, inaccessibility, etc. Insurers will benefit from greater visibility into an organization’s SaaS data risk mitigation level. Insurers can use SaaS Security Insights to tailor coverage and adjust premiums.
Progressively reducing risk with SaaS security insights
Own takes a proactive, data-centric approach to risk mitigation, with a particular focus on Salesforce and ServiceNow, producing cloud-based software solutions that give information security providers greater control of and visibility into an organization's mission-critical data and associated risks.
Consider how a proactive approach can mitigate risks of data theft. Own Secure for Salesforce facilitates the classification and access control of sensitive data, helps accelerate the implementation of Salesforce Shield Platform Encryption, and highlights which items require security event monitoring (Figure) - all of which help reduce the risk of that data being stolen.
Figure: Objects that should be monitored (OTSBM) based on fields that are actually being used and are widely accessible by the user community. The view above shows OTSBM sorted by quantity of users with access, which is a common way to evaluate risk to sensitive data. A High Risk Field that contains any data is of concern, because even a low percentage Fill Rate contains sensitive data.
Own Secure presents risk meters in the user interface (see Figure below) and can generate a more detailed PDF report to give information security professionals an overview of the current state in terms of SaaS data hygiene, protection, and risk. The Time Machine feature gives a historical retrospective to track improvements in mitigating risks over time after the organization has taken steps to reduce risk to their SaaS data, including maintaining 3rd-party backups for SaaS data and limiting access to sensitive data.
Figure: Own's Security Insights Dashboard with risk meters and Time Machine
When an organization experiences a cyber incident, and has implemented proactive preservation of data, it creates opportunities to perform forensic analysis and rapid recovery, as discussed in a prior blog post, Getting Ahead of Cyber Incidents Involving SaaS Data. In addition to supporting full restoration, Own Recover has the capability to resurrect deleted data and surgically repair corrupted data on a growing number of SaaS platforms. Automated Smart Alerts are generated when certain data is treated in a way that deviates from historical trends or exceeds thresholds, including additions, alterations, and deletions.
Organizations that protect and preserve mission-critical data proactively, and employ automated analysis in anticipation of cyber incidents with solutions like Own Secure, are far better positioned to prevent, detect, investigate, mitigate, and recover from problems impacting cloud data. The rewards are multiple, from exceeding business continuity targets to an easier cyber insurance procurement process.
Similarly, cyber insurers would be well advised to adopt a proactive data-centric approach to risk reduction and to require provably robust data protection and recovery solutions as a precondition to coverage.