ArticlesC2 Winter 2021DataData Security Getting Started with Data-centric Security by Dan Simmons December 6, 2021 written by Dan Simmons With a proliferation of cyber-attacks throughout the pandemic, data-centric security has been pushed to the forefront of many organizations’ cybersecurity strategy. Even companies with mature security programs are vulnerable to breach, and since data is a valuable asset, it is crucial to properly protect it. The importance of securing data, whether it is at rest or in-use, is being understood as companies realize the consequences of data breaches and non-compliance with data privacy regulations. What is data-centric security and why does it matter? The answer is practically in the name. Data-centric security centers itself around the data; it focuses on securing data where it is stored and processed, rather than solely protecting the perimeters around it. It takes a zero-trust approach alongside the principle of least privilege with regard to user access, ensuring the utmost protection of valuable assets. This matters because, with the surge in cyber-attacks, many organizations have had to deal with the repercussions of data breaches, such as reputational damage, fines for non-compliance, and loss of business. Furthermore, with data security a key consideration when arranging an organization’s budget, following a data-centric model provides not only the best type of protection against threats, it also delivers the highest value and minimizes compliance burden. How should a company get started with data-centric security? When companies decide to implement data-centric security, they are able to take control of their own sensitive data, which lowers compliance costs and reduces the risk of data breaches drastically. There are 5 steps to implementing data-centric security: Locate sensitive data: First, companies must identify all places where their data is stored, processed, or used. This is a necessary first step in complying with regulations, by carrying out regular risk assessments, logging access, and data disposal. Data minimization and reduction of scope: This is a common best practice to reduce the amount of data being processed within the organization. It has the advantage of minimizing general risk and reducing the time, effort, and costs that are associated with securing data. Data protection risk impact assessments: With the threats to personal data and cardholder data continuously changing, organizations must conduct regular reviews to measure how well their data is protected and update their security programs accordingly. Define policies & protection methods: Security policies should define which data is going to be protected and how. Data classification tools can help by identifying data elements and deciding the right protection methods to use. For example, every employee’s account poses a vulnerable attack vector, so access should be extremely limited. Have an audit trail: Companies should always log their access to sensitive data, as it is an indispensable part of any data security strategy. Access logs are also useful for proactively detecting potentially malicious activity. With attackers continuously focusing on data assets, endpoints and identities, we must shift the focus from securing networks, applications, and endpoints to identifying and protecting vital data. Not only will companies be better prepared in the event of a breach, but they will also be uniquely positioned to protect the assets that matter the most while adhering to the strictest of security and privacy laws. Want to learn more? Data-centric security protects the data itself so that even in the event of a breach, no exploitable data is exposed. There are many cases where processes can be carried out on data while it’s still in a protected state, allowing digital organizations to continue humming along while keeping sensitive data safe. To learn more, check out our data protection platform solution brief: December 6, 2021 0 comment 0 FacebookTwitterPinterestEmail
ArticlesC2 Winter 2021CloudDataData StorageEdge-to-CloudHPE GreenLake HPE GreenLake edge-to-cloud platform brings the cloud to you by Flynn Maloy December 6, 2021 by Flynn Maloy December 6, 2021 After years of working in cloud environments, we’ve come to expect some basics that we collectively refer to as the “cloud experience.” For example, scalable capacity that’s ready when you need it, and the ability to easily click and spin up new instances. In short, we expect a point-and-click … 0 FacebookTwitterPinterestEmail
ArticlesC2 Winter 2021 Working the Great Resignation: How Employers Can Transform Things to their Advantage by Dana Gardner December 6, 2021 by Dana Gardner December 6, 2021 The so-called great resignation has anywhere from half to two-thirds of U.S. workers looking for something other than their current situation. Whatever the percentage, there’s no question that workers across the board have and continue to quit in droves. 0 FacebookTwitterPinterestEmail
C2 Winter 2021Leader's notes Editor’s Letter by Stacie Neall December 6, 2021 by Stacie Neall December 6, 2021 Welcome to The Best of Hewlett Packard Enterprise 2021 In this issue’s cover feature, “Maximize your cloud experience everywhere,” Alexey Gerasimov shares what hybrid cloud means to HPE and, most importantly, how HPE GreenLake helps customers innovate faster and wiser on their transformation journey. With so much at play … 0 FacebookTwitterPinterestEmail
C2 Winter 2021Leader's notes A Note from Connect Leadership by Marty Edelman December 6, 2021 by Marty Edelman December 6, 2021 Greetings fellow community members, The year is coming to a close and that means it is time for our “Best of HPE 2021” issue. It is jam-packed with great content (as are all of our issues!) that should help you do your job better as you learn about new … 0 FacebookTwitterPinterestEmail