How can you protect your corporate data?

Data is the motor behind the digital transformation. “Data constitutes the basis with which organisations optimise their activities and improve interaction with their users, both internal employees and customers and partners,” says Aubrey Beelen, Product Manager at BKM-Orange. “That is precisely why ICT security should more than ever be at the very top of the CIO’s agenda.”

The new study “B2B ICT Priorities Compass” by Beltug, the Belgian association of CIOs and digital technology leaders, indicates that around half of all CIOs regard security as their absolute top priority. Data governance comes in second on the priority list. CIOs and ICT managers are particularly concerned about management and control of the rapidly growing data volumes within their company.

The need for IT security and data governance is perhaps most evident in the way companies organise their work today, especially since the outbreak of the corona crisis. After all, the large-scale shift to working at home highlighted the need for secure solutions for exchanging, modifying and storing information.

Security throughout the data journey

To be able to rely on a sound security strategy, an organisation must approach the protection of its data holistically: security needs to be interwoven into the whole data journey.

This journey encompasses the path this data will take: from its collection (for example, during a customer contact or via an IoT application), through its transport over the network, to its storage and processing. “The real value lies in the analysis of this data,” says Aubrey Beelen, “and in the development of new insights.”

Assessments

It is crucial to preserve security throughout the data journey. To be able to do so in a very targeted way, a company must first have an overview of the existing situation and the potential risks. A thorough analysis identifies how the environment is changing and where extra efforts are necessary.

“Assessments allow companies to keep their cybersecurity strategy up-to-date,” says Aubrey Beelen. “They demonstrate to what extent an organisation is exposed to cyber risks and what the impact might be. On the basis of this analysis you then work out a global strategy, based on a pragmatic analysis of risk and impact, without having to be a technical expert yourself.”

Zero Trust Access

As far as the operational part of the strategy – in particular the security of the infrastructure – is concerned, businesses often opt for the principle of zero trust. This approach reverses the classic approach to security. Only users who are identified as legitimate by technology such as VPN, NAC (Network Access Control) or MFA (Multi Factor Authentication) can gain access to the company’s IT environment.

Detection and Response

Cybercriminals are not only increasing the sheer volume of their attacks, they are also going about it ever more inventively. This means that traditional security methods – such as firewall and antivirus – are no longer sufficient. “Most successful attacks take place via malware that the traditional tools cannot intercept,” says Le Clerc. “Hence the need for a different approach, that of detection and response, which is oriented towards identifying an incident as quickly as possible and taking the proper steps.” Orange offers detection and response as a managed service that covers the network, devices and employee identification.