Blog: Jumping Through Hoops for Data in Motion

Cybersecurity
(noun) The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this

Oftentimes routine use of data becomes commonplace. What is standard practice can at times create a false sense of security. But let’s face it, we can’t just keep our data at home, under lock and key, swaddled in bubble wrap and protected to the nth degree. In fact, data has to go out and experience the world and grow up and contribute to our global society (or at least someone’s business process).

Yes, it will be at risk. But if we’re lucky, it will be protected and cared for, and in some cases come back to us enriched. The best thing we can do as data parents is proactively prepare data for its venture into the outside world and do our best to get it where it needs to go safely.

October is National Cybersecurity Awareness Month, and you’ll hear much ado about enacting strong passwords, being wary of public Wi-Fi, and exercising caution on social media, among other things. We want to supplement those personal cybersecurity discussions by talking about something a little more behind the scenes but perhaps even more important: securing business data movement to help keep mission-critical business information safe.

Times Have A’Changed

Business needs and use cases evolve, and organizations must adapt to changing processes and mandates. So when new technology comes along to help facilitate these processes and mandates, the implementation for this new technology often gets fast-tracked to help the company as quickly as possible.

But new technology usually isn’t well-understood at first, and deploying it could introduce new security risks. If the request is coming from a business unit, executives may tend to look at the reward first, then cost, then risk. If someone isn’t thinking through, planning for, and mitigating that risk — all while continuing to add new infrastructure and data connections — that organization may be vulnerable.

Some examples of new “data in motion” technology that breaks traditional cybersecurity boundaries and warrants advanced security needs:

Big data: Companies gain valuable insights into their businesses with the plethora of data out there, and the latest and greatest big data processing engines, such as Hadoop, make rapid analysis easier than ever. But ensuring data securely moves in and out of the processing platform cannot be taken lightly; the high concentration of data makes an especially alluring target for hackers. And many use cases for big data involve moving data across company boundaries, adding additional security concerns.

Internet of Things: If it can be connected to the Internet, it can be hacked, and that raises a million security concerns with information constantly en route between systems. With the ability to control your home thermostat and security systems from your phone, the smartwatch’s ability to alert your doctor to medical events, and the smart software installed in connected vehicles, there exists massive opportunity for data interception and mismanagement. That spells concerns for consumers but also puts pressure on organizations to practice safe cybersecurity. Society can become incredibly vulnerable as bad actors gain remote access and control of vehicles, transportation systems, energy production, and more.

Mobility: Business has gone global, and mobile apps and consumer-grade person-to-person file sharing tools have made it much harder to control data access among employees, partners, and contractors working outside the company firewall. But it’s not just employees that threaten the business. The customer experience includes mobile and social platforms, and those offerings also must be top of mind when it comes to cybersecurity strategy.

Seek Out Exceptional Solutions to Secure Data in Motion

Information security causes goosebumps for many organizations at any time but especially now given the constant development of new technology, so it’s important to seek integration solutions that enable simple implementation of securing data in motion while adhering to your IT security policies.

So what are some key characteristics that all highly-secure data integration solutions should include? A few of them:

• The ability to gain high-level, domain-specific information (such as EDI, expected SLA, payroll data, etc.) and integrate with security analytics solutions
• Configurability and business rule framework to better detect attack patterns
• Integration with overarching attack detection and prevention systems
• Encryption for both data at rest and data in-flight
• Integration with multi-enterprise key management

Thus, the software that sets your data in motion should be able to:

• Rapidly detect DOS attacks via access to domain intelligence
• Instill a rule framework to rapidly detect anomalies and respond
• Provide mail encryption, PGP, and FIPS 140-2 compliance
• Delegate to LDAP and other key management protocols
• Never have unsecured (or even encrypted) data in your firewall DMZ
• Automate management of certificates
• Avoid requiring UDP or other firewall changes to support new B2B connections or high-speed data transfer

Take the time to understand your organization’s security needs, assess vulnerabilities, and deliver a secure solution for meeting these and other business needs.

Recommendations

Cyber attacks on corporations are getting more elaborate, and data flows inside and outside the company firewall carry big targets because they’re seemingly harder to protect. End-to-end encryption of key information should always be step one, but a managed file transfer solution will secure, manage, control, and govern the data flows that power your business. MFT solutions combine the file transfer security you need with an enterprise software product that protects your business and embraces change.

While October is meant to promote awareness, cybersecurity must be a perpetual emphasis. In the workplace and at home, cybersecurity is more than just a few tips; it’s an overall awareness and strategy to fight against the unauthorized use of electronic data. Let’s all take steps to shore up our own data in motion and breathe easier as we send our data safely out into the world.