Protecting data and exploiting its value accurately go together
We are in a scenario where the level of technological maturity regarding security is very high. In the field of Big Data, security measures must always go hand in hand with data.
At PUE we are aware that protecting data is a highly critical issue for those companies that we help in the implementation of this type of strategy.
“Designing a strategy for data exploitation that also considers cybersecurity is not only possible, but a must.”
Sergio Rodriguez de Guzman, CTO PUE.
In this forum organized by Computer World University, and moderated by Marlon Molina, we analyze data strategy and cybersecurity, at a time in which focusing on data is key for companies.
With the participation of Juan Luis Garijo del Cura, Country Manager at CrowdStrike; Jose Luis Laguna Merino, CTO for Iberia at Fortinet; and Sergio Rodriguez de Guzman Rodriguez, CTO of PUE.
Keys to secure and protect data
The challenge for companies is huge. Not only do they have to prevent cyberattacks, they also have to keep up to date with new directives and regulations in the EU’s information security regulatory framework. Coordinating the rhythms and speeds between how cyberattacks evolve, changes in regulation and the ability of companies to adapt in time does not always lead to the perfect balance. Gaps can occur that allow cybercriminals to get in on the act.
What is clear is that complying with the legal and regulatory framework is mandatory, not optional. And companies are the first ones interested in protecting data and information.
How many times have you heard “my personal information is not that interesting to a hacker”? That belief poses a great risk, since our phone is full of applications, personal and corporate ones, that act as a direct gateway to company data.
There is no point in spending our entire budget on an armored door if thieves can easily get in through a window. The same applies when we try to protect the data in our organization. If we invest large amounts of money in technological measures that prevent certain attacks from occurring, but there is even one unlocked entry door, all those measures will be worthless.
Just as machines need security updates, we users also need to keep up to date with cybersecurity and never let our guard down. If you invest in a great car, how can you not keep the person driving it prepared?
There are certain standards related to data security that are applicable to every organization, such as having a good installed base or updated operating systems; but depending on each case, they can be adapted to the needs and requirements of each organization.
These are some of the keys to take into account when establishing the best data security and exploitation strategy:
- To know where to go, we must know where we are at
- The culture of cybersecurity must be embedded within the company
- Keep operating systems up to date
- Act with the greatest agility possible
- Do not assume that a service provider is going to take care of everything related to cybersecurity, as it will have to be complemented
- Be aware that cybersecurity is a process of continuous improvement
- Count on the right partner
How to incorporate cybersecurity into a Big Data strategy?
It all starts with perimeter security. Although it is true that Big Data platforms are not excessively exposed, this does not mean that we should let our guard down. Within the structure of a Big Data platform we are accumulating a huge amount of information, which makes it practically a treasure chamber.
From this perimeter security comes all the authentication, authorization and roles required to access the information.
On the other hand, we have the separation of responsibilities. That is to say, just because someone is the administrator of a platform does not mean that they can read absolutely everything. The right thing to do is to separate those responsibilities, so that you always have at least two different profiles or roles to manage a platform.
And, of course, do not lose sight of the fact that it never ends. Constant review and security improvement are essential when protecting data.
Breaking data security myths
We must bust the myth that what is in the cloud is already secure. It is necessary to know where the responsibility of a cloud service provider ends and where the company’s responsibility begins.
It is essential to be very well informed about this point and to cover with third-party solutions everything that is not provided by our cloud provider. Data can be equally protected or unprotected regardless of whether it resides in our network or in the cloud provider’s network.
Cybersecurity and protecting data is a state of mind that must be constantly worked on by all employees of organizations. It is not just a job for managers or technicians.
How do we strike the balance between performance, reliability and data security?
Safe and unsafe is not black and white. There are different levels and scales between an environment that is not secure at all and one that is almost military grade security. How do we achieve that balance? By knowing very well the information we have.
When we talk about data management, data is not on the front line, it’s usually in a more restricted environment. From there, depending on the types of data we tend to store, we can encrypt communications, limit access or evaluate the trust of communications between agents and servers, among other aspects. This can have a certain impact on performance.
There are nuances that allow us to choose up to what point of security we want to reach or if we want something in between. Meteorological data, for example, it is not as sensitive as medical data.
In these times, where the cyber threat landscape has intensified, it is necessary to define the responsibilities surrounding the data from the outset. That is not to say, of course, that it cannot be incorporated retrospectively. But if it is done from the very first minute, even better.
At PUE we help you define, plan, develop and implement solutions based on the objectives and needs of your project and organization.