All network security strategies center on protecting sensitive data, and their success relies on organizations’ understanding of both internal and external interactions with that data, according to Francis Ofungwu of Unisys.
Ofungwu, director of network security services at the company, writes in a post published Thursday that organizations must perform data discovery, data isolation and monitoring work to ensure that sensitive information is secure from breaches.
These “building blocks” are intended to support an iterative approach to data protection, he adds.
Ofungwu says data discovery covers data classification, flow analysis and gap analysis measures so that IT staffers can establish the task scope and complexity, form the data protection strategy’s foundation and plan resources accordingly.
“From the data discovery work stream, you now have a good handle on how sensitive information is transmitted, stored and processed in your environment.”
He adds that enterprises should isolate all entities that have been noted to interact with the sensitive data – such as people, technologies and processes – and reduce the potential attack surface through encryption or access control.
Ofungwu also notes that organizations should monitor the IT environment for changes that could potentially lead to vulnerabilities, using solutions like automated activity monitoring and event management systems.