The first challenge is that we treat a warlike situation like an ordinary law and order problem. What happens when we do that? We allocate bare minimum resources and are scarcely prepared.
But wars have to be fought differently. To put things in perspective, let's look at some data. The US spends about 598 billion on the military and about 8 billion on policing. Does this make you think about how much more we have to do for data security? Organizations need to spend far more on data security than the cost of buying some anti-malware or securing the network. So the things we have to look into in detail are:
- How to get more funding for security?
- Role of Chief Security Officer (CSO)
- Do’s for IT developers and Security staff
We have created OvalEdge as a state-of-the-art application covering various aspects of security. These are a few best practices I would advise every company to follow.
Network protection: Anti-malware, port scanning, VPN, SSL, etc. Protecting the outer network is key to avoiding security breaches. The problem is that companies depend only on this layer, when they also need another level of security protection behind it.
Zero Trust Network: Yes, you heard it right: do not trust your network. At home, you leave your valuables wherever you want, but outside you keep them in your wallet or pocket. Because the network is no longer secure, you need to secure your applications using Zero Trust Network principles. It is a comparatively new concept under which companies treat their intranet the same way as the internet. It mandates that:
- Communication between applications should be SSL compliant.
- Authentication should be via OAuth2.
Password protection: I have consulted for 60+ companies, and I know that in most of them even application service-account passwords sit in a flat file, not an encrypted one. That needs to change. Every password has to be protected via key/token-based authentication.
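As an added example (not OvalEdge's code), the check below scans a constructed flat config file for service-account secrets stored in plaintext, skipping values that are empty, wrapped in an encryption marker, or referenced from a secret store; the `ENC(...)` and `${VAR}` conventions and the sample file are assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample of a flat service-account properties file (not from the page).
SAMPLE_CONFIG = """\
# db.properties for the reporting service (constructed example)
db.host=db01.internal
db.user=svc_reporting
db.password=Summer2016!
api.key=ENC(4f9a2c1d8e)
ldap.bind_password=${LDAP_BIND_PASSWORD}
smtp.token=
"""

# Keys whose values are credentials. Matched case-insensitively at the end of the key.
SECRET_KEY_RE = re.compile(r"(password|passwd|pwd|secret|token|api[_.]?key)$", re.I)

# Assumed conventions for values that are NOT plaintext: an encrypted wrapper
# such as ENC(...) or a reference to a secret injected from a vault/environment.
SAFE_VALUE_RE = re.compile(r"^(ENC\(.*\)|\$\{[A-Za-z0-9_]+\}|\$[A-Za-z0-9_]+)$")


def find_plaintext_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (line number, key) for every credential stored as a literal value."""
    findings: List[Tuple[int, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank lines, full-line comments, non key=value lines
        key, value = (part.strip() for part in line.split("=", 1))
        if not SECRET_KEY_RE.search(key):
            continue  # not a credential key
        if value == "" or SAFE_VALUE_RE.match(value):
            continue  # unset, encrypted, or pulled from a secret store
        findings.append((lineno, key))
    return findings


if __name__ == "__main__":
    for lineno, key in find_plaintext_secrets(SAMPLE_CONFIG):
        print(f"line {lineno}: '{key}' holds a plaintext credential")
```

Running it against a real deployment means feeding it every properties/ini file the service accounts read; a hit is a password that should move to a key- or token-based mechanism.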
Use of the latest patch: All applications should be on the latest patch of their software.
Encryption at rest: Corporations should store all data in encrypted form.
To read my recommendations on these points in more detail, click here.