Device security and data protection go hand-in-hand, and it seems like you can’t have a successful IT department—or company—without them. As obvious as this point may be, there is a crucial piece that’s not so universally understood: how to protect your data and the devices that access it.
If this issue has posed a challenge to you and your team, read on for some tips on creating a solid data protection strategy.
Know what to protect
Protecting your data is critical, and it’s probably a lot easier than you think. The first step is to decide what needs to be protected.
In an ideal world, every last bit of data that traverses your environment would get the full data protection treatment, from encryption to backup. Alas, we do not live in that perfect world, and you’ll have to draw the line somewhere. In fact, it may help to draw some literal lines in the form of three overlapping circles labeled “security,” “redundancy,” and “availability.” Yep, we’re talking about a Venn diagram that would make your 4th grade teacher proud. This is actually a great way to visualize your digital assets and prioritize their security.
Think of every critical piece of data in your environment and place each one inside those circles. If the data in question requires high availability, jot it down in the corresponding circle. If a piece of data requires two or more of the three protections, put it down in the appropriate overlapping space. Once this exercise is done, you’ll have a high-level idea of exactly what data protections your environment requires.
You should view your protection solutions through the same lens as the Venn diagram by using the three-pillar strategy outlined below. Note that just as your diagram categories overlap, your solutions to the points within will too. Now to the nuts and bolts.
Let’s start with data in the “Security” circle. The ones and zeros in this side of the data protection paradigm are likely under some form of regulation, be it HIPAA, GDPR, or otherwise. We’re talking about data from company financial files, HR identities, and even sensitive client data. As such, you’ll want a security strategy that covers your bits completely. This means encryption and access protection at all stages of a given workflow.
If that sounds prohibitively complex, fear not. Your data protection strategy doesn’t have to be—and shouldn’t be—developed from the ground up. Instead, take a multi-tiered approach. For example, work toward your goal of securing both data and devices by deploying a fleet of secure printers that encrypt data and control access to document queues. By picking devices with built-in security, you can avoid complicating your network with additional hardware and software. This is a seamless way to support your data protection efforts and device security strategies.
To protect data in motion and at rest (and devices that are too complex for built-in security or unavailable with it), consider a single cloud-based security solution that is robust and can cover all endpoints. This kind of solution can take the burden of infrastructure maintenance off you and your team and eliminate the need to buy equipment and bandwidth as traffic continues to increase.
When it comes to accessibility, you need to control both the “who” and the “how.” The former can be tackled with an organized, comprehensive user access strategy: think Active Directory and other domain-level strategies. The “how” is a bit trickier. You’ll need to walk a fine line between too little protection and too much protection, which would hinder workflows and frustrate users.
A good rule of thumb here is to require strong identity verification at all critical access points. This means asking the user for something they know, like a PIN or password, and something they have, like a badge, a USB key, or a code sent to their cell phone. This kind of multi-factor authentication should exist at both the device level and the data level.
You’ll have to be honest and ask, “Does the public calendar that everyone in the office relies on really need to be on 24/7 high-alert top-secret lockdown?” To prevent those assets which fall into the overlap of security and availability from becoming headaches to use, consider de-restricting access where it can be afforded. Make it easy for legitimate users to access them via quick tools like password managers and authenticator apps. These steps can go a long way toward reducing the impact on workflow efficiency.
Back up early and often
To protect via data redundancy, backup is the name of the game. Meet with employees from departments across your company to understand which data assets would halt business operations if they were lost or made unavailable. Bear in mind that these won’t necessarily be limited to secret merger plans or your most closely guarded IP; you may find that humble tools like task trackers, calendars, and internal reference resources are also key necessities. The recovery process for each asset should correspond to its effect on business operations—the more critical the data, the more frequent and close-at-hand the backups should be. Therefore, you should take the time to develop a proactive backup strategy that accounts for both security and accessibility.
Think of this multi-tiered approach as a sort of crowd-sourcing for your protection strategy. Find ways to shift the burden of data and device protection onto the devices themselves where possible. This kind of distributed security strategy can add resilience and decrease pressure on any one component of your protection plan. You might just find the pressure on your own shoulders becoming a little lighter too!