In our previous blog, The states of data, Part 2: Why visibility is key for protecting data at rest, we discussed the importance of discovering data; classifying it; assigning the right permissions; and getting rid of redundant, obsolete, or trivial data to protect data at rest. While doing all this can get you started, achieving data security takes more than that.
In this blog, we’ll discuss why it’s important to monitor how your data is being used, the various threats to data in use, and how you can protect it. Let’s cut to the chase by learning what constitutes data in use.
What is your organization’s data in use?
Data in use is data that is currently catering to the needs of a particular user. So, your organization’s data in use could vary based on the users accessing it. Some examples of this include:
-
A spreadsheet containing details of a campaign’s performance could be in use by a user in the marketing department.
-
An employee record stored in a human resources (HR) management application could be in use by a user in the HR department.
-
A document containing details about market research, product testing, and competitor analysis could be in use by a user in the R&D department.
How is your sensitive data being used?
Over the past decade, data analysts have moved from Clive Humby’s notion of data being the new oil to now placing its value over oil. The fact that data has grown over 60 times in the last decade reaffirms how organizations have inculcated data in their digital transformation journey.
But, akin to lottery winners being clueless on how to manage their earnings, most organizations do not know how their data is being used. This could lead to the misuse of data and prevent you from making the most of the data you collect. A good place to get started for an idea on how your data is being used would be to know:
-
What data is being used: Organizations rely on various types of data, ranging from sensitive data, such as the personally identifiable information of employees, to publicly available data, like company contact information. Detecting data being used can help in laying the basis for the steps that follow.
-
Who is using data: While data such as company contact information can be accessible publicly, sensitive data shouldn’t be accessible to everyone within the company. Detecting who is accessing sensitive data can keep you informed about any anomalies in access.
-
Why data is being used: Sensitive data must be handled with the utmost attention, as users could misuse their access to it. Some users might use it out of genuine need, while some might access it with malicious intent. Analyzing why it’s being used can help you ensure data is being used only for the purpose it was intended for.
If your security analysts do not have a clear picture of these three questions, then your organization might be vulnerable to cyberattacks. Here’s an example of an incident where a former employee of a New-York-based credit union misused sensitive data.
The tale of a New-York-based credit union: How your data can be used against you
In a global economic downturn, tech layoffs make the news every other day. While organizations view such measures as a last resort, mounting pressure from investors and the stock market often leaves them with little choice. However, the sensitive nature of these decisions cannot be overstated. How companies handle such situations can make all the difference; mishandling them can leave employees disgruntled, and an employee in that state of mind may resort to misusing or leaking sensitive organizational data.
One striking example of this occurred with a New-York-based credit union in 2021, amidst the turmoil of the pandemic. Following a layoff, an employee, feeling disheartened, sought retribution by accessing the credit union’s file servers. In a damaging act of defiance, the employee deleted 21.3GB of confidential data, comprising 20,000 files and 3,500 directories. Although they were jailed for a decade for this wrongdoing, the damage had been done, with this incident posing a significant security risk for the bank and leaving its customers scrambling for paperwork and approvals.
This is just one example of how your data can be misused and how sensitive data can be lost if your organization doesn’t monitor it and implement efficient security policies.
How to protect data in use?
Data in use is data that’s already accessible to a user and that has the potential to be misused. It’s vital to monitor your data to detect and prevent actions that could expose sensitive data; make it unavailable for authorized users; and impact your data’s confidentiality, integrity, and availability—the CIA triad. This can be achieved with the help of a file auditing solution.
A file auditing solution will provide you with insights on actions performed, such as create, modify, rename, delete, and overwrite, and identify the users performing these actions in real time. This information can help you detect anomalies in the usage of data, instantaneously respond to such abnormalities, and ensure that your data isn’t misused.
The New-York-based credit union could have prevented and mitigated the damage of data loss had it detected the surge in file delete activities. Implementing a file auditing solution in conjunction with a data risk assessment and file analysis solution can keep you informed about the data you have, how sensitive it is, its value to your business, who has access to it, and how it’s being used.
One step closer to holistically securing your sensitive data
A file auditing solution coupled with data risk assessment and file analysis can help you secure data at rest and data in use. But, to truly achieve data security, it’s important to secure data in all of its states. In our next blog, The states of data, Part 4: Securing data in motion through treacherous transits, we’ll discuss the threats to data in motion and how you can safeguard it. Stay tuned!