Intelligent CIO Africa Issue 45 | Page 66

INDUSTRY WATCH
Could you tell us how the Stealthbits Credential and Data Security Assessment (CDSA) solution is helping to address some of these key challenges?
AR: The CDSA starts by analysing the different data stores within an organisation – where their sensitive information is and who has access to it – and draws out a path of how different misconfigurations can be abused to mishandle that information. So, everything from privileges directly to the data itself, all the way through misconfigurations within Active Directory or the underlying system that could result in that data being compromised. It gives high, medium and low priorities so you know where to start. These are the high-risk items and then you kind of work your way on down. But it uncovers not just what the problems are, but how to address those things.
How does the solution provide visibility and enable calculation of risk assessment?
AR: Visibility starts with understanding where there’s sensitive information, who has access to it, what kind of risk is associated with that access and how, across a whole host of different systems in an enterprise. So that could be everything from sensitive attachments to emails to sensitive files and collaboration platforms like SharePoint and SharePoint Online and OneDrive. And what the credentials and data security assessment is geared towards doing is giving you a holistic view of where the risks are across that data and all those different systems and prioritising.
How can CISOs adopt this into their strategy?
AR: A big part of it is risk prioritisation. So starting with understanding where all the risks lie, all the unknown unknowns and that’s what really helps roll it up into a broader strategy, starting with ‘okay, here are the things we’re doing well out, here are the things we don’t quite understand yet’. And then bringing back the necessary data points to prioritise that. This is where Stealthbits really helps shine a light.
What best practice advice would you offer CIOs for ensuring a robust long-term data security strategy and posture?
AR: I think the key to securing data is equally considering what’s exploitable throughout the system level and with the credentials themselves. So, looking at the data is just one piece of the pie. You also need to think about the credentials that grant access to that data and the underlying systems that can be exploited to access data inappropriately.
DW: Brand protection is another area that’s driving CIOs to look at such solutions. We’ve had conversations with CIOs that don’t really understand to a deep level what they need to be doing, but they know they need to protect their brand because this is where the breaches are happening and they don’t want to be in the news. The CDSA solution itself is unique. That actually helps in our conversations with businesses and CIOs on mapping out their roadmap, because the vulnerabilities and the data that comes out of our assessment is quite often a surprise. The roadmap on what we do first is based on what information we get from the assessment. It provides a baseline to what’s important and what potentially needs to be addressed first.
SM: I think you have to establish a risk baseline as a first step to securing any organisation, as a reminder of what level of risk you are willing to tolerate. Every business is different. You must access your data workflow to find out what the key risks are that would damage your business and then plan to add resilience in an order based on the threats that each one poses. It’s unlikely you will be able to cover every base. So to extract maximum value from your resource, you have to make sure you understand where your baseline is and apply a frank approach. The other thing which is very important, is the segregation of audits. You should not depend on the administrator to get the audit – you must have the upper hand into your system so you can collect whatever you want without depending on the administrators. You can use a very easy tool like Stealthbits to help and give you all the required information with good dashboards, very easy access and configuration.
CE: I now advise CIOs to take a much more proactive approach to data security. They must be aware that there are security risks and threats which hit organisations when it’s least expected. So it’s important to stay on the watch with vigilant monitoring software. They must have pre-planned policies that cover risk monitoring and mitigation. CIOs must treat risk as something that is bound to happen, which means that using tools to identify potential risk will help them with their mitigation efforts. I also think that CIOs must take audits seriously. A security plan is not complete without regular audits. In summary, I think for CIOs to ensure optimal data security, it can be achieved through a first-class, security-first culture across organisations, no matter the industry. Security should be treated as the number one priority and all employees must be trained and educated accordingly. It’s only through these continuous efforts that an organisation can achieve a sustainable level of resilience.