Reggie Best, chief product officer at network specialist Lumeta, presents a GDPR checklist to reduce network complexity challenges around securing IoT and cloud environments.
Security and network teams are learning that increasing network complexity has exposed them to a greater attack surface. This complexity is caused in large part by the expansion into the cloud and by supporting IP-enabled mobile and Internet of Things (IoT)/Industrial Control Systems (ICS) infrastructure. Today’s companies are battling frequent and widespread ransomware attacks, many of which have severely damaged both the reputation and the finances of well-known companies. On top of this, the additional requirements imposed by the EU’s General Data Protection Regulation (GDPR) are putting significant pressure on organisations.
The countdown has begun: GDPR will start to be enforced in less than a year. GDPR is emerging as a board-level issue for many multi-national organisations, and the pressure is on cybersecurity professionals to ensure the necessary steps are being taken to protect the personally identifiable information (PII) of EU residents. Unfortunately, network complexity is causing real challenges. It can be difficult to gain full control and visibility of the network, since today’s data resides across physical, virtual and cloud networks, as well as on endpoints like smartphones, tablets and notebooks. To make matters even more tricky, to comply with GDPR companies will need to be able to answer where all PII is stored, with whom it is shared, how the organisation protects it and what it is used for.
Now is a critical time for organisations to plan, budget and make any remaining changes needed to meet GDPR guidelines. Failure to comply with the regulation’s standards will result in hefty non-compliance fines. To realistically achieve GDPR compliance in time for the May 25, 2018 deadline, organisations should first ask themselves the following questions:
- How confident are you in identifying and securing every single related asset that stores or processes sensitive user data? For instance, have your cybersecurity professionals located all rogue or shadow IT infrastructure? Have you determined what data is being held, where, and why? Who is accessing that data currently, and who should have access in future? Can you truly identify new and existing leaks to the Internet that could be exploited at any moment to compromise PII?
- Can you truly see in real time, or is your “continuous” monitoring actually just periodic polling? For instance, is your IT team tracking cloud apps or virtual machines (VMs) each time they join or leave your network? Are all ports and endpoints known in real time? How are you managing Internet of Things (IoT) technologies? Can you see new paths being created in real time to and from locked-down sensitive resources that should support only limited communication channels?
- Do you know your entire extended network across suppliers, customers, consultants and other organisations you interact with? For instance, do any trusted network assets show up on attacker lists? Are there any active devices on your network using known Trojan or malware ports? Can known threat or malware IP address space be reached from within your network?
Once these crucial questions have been evaluated, organisations and their cybersecurity professionals can incorporate them into their compliance program by leveraging the following key technology best practices:
- Data Processing and Storage Assessment: By identifying any EU-based PII, evaluating all access rights and additional security measures, and assessing current and future risk to the data, organisations can ensure that all of their assets are identified at all times, even while data is being processed. They will also be better placed to assess their data segmentation policies. When any new network asset is identified, cybersecurity professionals should make sure the correct patch level and endpoint protection are in place. They should also determine whether those assets change the network topology, and monitor them from a single, cohesive view.
- Breach Prevention Program Implementation: When organisations are able to restrict access to PII, define, document and implement data security controls, and continuously evaluate the inevitable changes to PII and access, they’re able to discover all new assets or changes in real-time and properly test and execute network segmentation. To identify any unauthorised network paths in real-time, cybersecurity professionals should ensure segmentation for protecting access to PII, and continually identify any segmentation violations across their GDPR environment.
- Monitoring, Detection and Response Execution: To achieve GDPR compliance, organisations must have real-time visibility across all of their networks, devices and endpoints, including any VMs. They also need to be able to instantly detect any suspicious network behaviour and quickly build a picture of the network and security context surrounding the malicious activity when remediation is needed. Continual network monitoring, threat detection and incident response plans can enable compliance and allow cybersecurity professionals to identify any behaviours that could be indicators of active breach activity.
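The three practices above all rest on the same mechanical step: take the current discovery snapshot (which assets exist, what they listen on, who talks to whom) and compare it against the documented inventory and segmentation policy. The following Python is an added example of that comparison, not code from the article or from Lumeta's product. The zones, allowed ports, allowed paths, inventory, discovered assets and flows are all constructed placeholders for an organisation's own data; a real deployment would feed it from a scanner or flow collector.

```python
"""Added example: review a discovery snapshot against a segmentation policy.

All zones, ports, addresses and flows below are constructed sample data,
not output from any real product or network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed policy: network zones and the ports each zone may expose.
ZONES = {
    "pii-db": ip_network("10.10.0.0/24"),  # hosts that store EU PII
    "app": ip_network("10.20.0.0/24"),
    "corp": ip_network("10.30.0.0/24"),
    "iot": ip_network("10.40.0.0/24"),
}
ALLOWED_LISTENERS: Dict[str, Set[int]] = {
    "pii-db": {5432}, "app": {443}, "corp": {445}, "iot": {8883},
}
# Which zone may initiate connections to which; same-zone traffic is always allowed.
ALLOWED_PATHS: Set[Tuple[str, str]] = {("app", "pii-db"), ("corp", "app")}


@dataclass(frozen=True)
class Asset:
    ip: str
    listening: FrozenSet[int]  # ports observed listening in this snapshot


def zone_of(ip: str) -> Optional[str]:
    """Map an address to its policy zone, or None if it sits outside every zone."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def inventory_drift(known: Set[str], discovered: Dict[str, Asset]) -> Tuple[List[str], List[str]]:
    """Assets seen but not in the inventory (shadow IT), and inventory entries not seen."""
    seen = set(discovered)
    return sorted(seen - known), sorted(known - seen)


def listener_violations(discovered: Dict[str, Asset]) -> List[Tuple[str, int]]:
    """Ports an asset exposes that its zone's policy does not permit."""
    out = []
    for ip, asset in discovered.items():
        allowed = ALLOWED_LISTENERS.get(zone_of(ip) or "", set())
        out.extend((ip, port) for port in asset.listening if port not in allowed)
    return sorted(out)


def path_violations(flows: List[Tuple[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Observed cross-zone connections that the segmentation policy does not allow."""
    out = []
    for src, dst in flows:
        sz, dz = zone_of(src) or "unzoned", zone_of(dst) or "unzoned"
        if sz != dz and (sz, dz) not in ALLOWED_PATHS:
            out.append((src, dst, sz, dz))
    return sorted(out)


def review_snapshot(known: Set[str], discovered: Dict[str, Asset],
                    flows: List[Tuple[str, str]]) -> Dict[str, list]:
    new, missing = inventory_drift(known, discovered)
    return {
        "new_assets": new,
        "missing_assets": missing,
        "listener_violations": listener_violations(discovered),
        "path_violations": path_violations(flows),
    }


# Constructed sample snapshot: what the inventory says versus what discovery found.
KNOWN_INVENTORY = {"10.10.0.5", "10.20.0.7", "10.30.0.12"}
DISCOVERED = {
    "10.10.0.5": Asset("10.10.0.5", frozenset({5432})),
    "10.10.0.6": Asset("10.10.0.6", frozenset({5432, 3389})),  # undocumented DB host
    "10.20.0.7": Asset("10.20.0.7", frozenset({443})),
    "10.30.0.12": Asset("10.30.0.12", frozenset({445})),
    "10.40.0.9": Asset("10.40.0.9", frozenset({23})),  # IoT device nobody registered
}
FLOWS = [
    ("10.20.0.7", "10.10.0.5"),   # app -> pii-db: allowed
    ("10.30.0.12", "10.20.0.7"),  # corp -> app: allowed
    ("10.40.0.9", "10.10.0.5"),   # iot -> pii-db: violation
    ("10.30.0.12", "10.10.0.6"),  # corp -> pii-db: violation
]

if __name__ == "__main__":
    for key, items in review_snapshot(KNOWN_INVENTORY, DISCOVERED, FLOWS).items():
        print(f"{key}: {items}")
```

Run on the sample data it reports two assets absent from the inventory, two unapproved listeners (one of them on the unregistered PII-zone host) and two cross-zone paths into the PII zone that the policy never allowed. Running this on every snapshot rather than on a periodic audit is what turns "continuous" monitoring from polling into real-time detection of segmentation drift.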
Don’t fall victim to GDPR-induced panic and don’t destroy your entire IT budget in an attempt to quickly meet GDPR standards. Focus first and foremost on implementing continuous, real-time network visibility. By monitoring all network activity, devices and endpoints — including VMs in the darkest corners of an infrastructure — your organisation can achieve GDPR compliance and, even more importantly, can accurately identify potential malicious network activity and gain the context and intelligence to detect and stop threats before a breach ever occurs.