Deciding how to spend a limited data security budget requires you to think critically about where the biggest potential threats to your system and data will come from and what the most effective ways to eliminate those threats are. Once the basic security protocols are in place (i.e. keeping the system up to date with the latest software patches, bug fixes, and security updates), IT security teams have to look at the more advanced types of threats that can compromise a system and put in place tools and strategies to combat them.
Investing in endpoint threat detection can greatly reduce the ability of hackers to break into a system. Endpoints (the machines at either end of a network connection) are often the initial point at which a system’s security becomes compromised. Better alerting for when these types of breaches occur or are attempted can help security teams locate and disable the source of the threat.
Investing in endpoint threat detection is especially important as your mainframe and servers are accessed more and more through the personal devices of employees and customers. Securing individual devices is challenging, but not impossible, when they are out of the direct control of the IT department. IT security will have to learn to rely more on software solutions for access control than on maintaining rigid control over the hardware or server rooms.
There are signals that can indicate a compromised endpoint. For example, if a user attempts to log in from a system in Beijing a few hours after gaining access in Chicago, there’s a good chance someone else is posing as that user. Security systems that use two-factor authentication can help to protect endpoints from unauthorized access.
Securing endpoints and implementing endpoint threat detection will help prevent breaches into the system and alert the appropriate personnel when a breach is attempted. However, mainframe environments, especially those with hundreds of thousands of connections and endpoints, sometimes make it too difficult to rely on endpoint protections, particularly since many of the endpoints are outside the mainframe's control. Because of this, security solutions on the network itself, solutions that determine who can connect and what sorts of information they can access, have increasingly become the more useful investment.
Being able to deploy a single security system across a broad network makes the network an important area to secure. Securing network traffic can also prevent hackers from sniffing and intercepting it or from performing a man-in-the-middle attack, and applying end-to-end encryption to the data that moves across the network helps protect it even if it is intercepted in transit.
When it comes down to it, the breach of applications and their data poses the biggest threat to organizations. The applications and the data processed and stored within them need to be protected from attackers. Even if a hacker is able to gain access to a database, the information stored there should be encrypted and rendered useless to them. And by using a key management system that stores the encryption keys separately from the data they decrypt, even root access to the machines that store sensitive data will not be enough to compromise its security. Encrypting data helps ensure that the only people who can read and access a given set of data are the people with the proper authorization to do so.
There is no single right answer for where to invest next in your security system. The important thing is that you assess your system’s strengths and weaknesses to discover where you should pay the most attention and, accordingly, spend the most dollars. Therefore, as you determine where to invest next in your data security system, perform a self-audit to see where the potential weaknesses are so that you can take the right steps to close the gaps in your security system.