When it comes to data storage, enterprise security is currently fighting a war on two fronts. Firstly, the quantity of information that organisations need to safeguard is increasing. As the digital revolution progresses, companies are consuming and storing more information than ever before. Secondly, this challenge is compounded by the growing trends of BYOD and flexible working policies. These have resulted in information being spread across a much wider variety of devices and locations, as opposed to being confined to the traditional data centre.

Of course, an increase in the number of data storage locations means that the potential access points to company data increase exponentially. Essentially, every mobile device, every laptop and every computer used by the workforce to store business information could be an entry point for a hacker or piece of malicious software. Needless to say, if devices are breached in this way it can cause significant financial and reputational damage to an organisation.

The scale of these entry points means that the IT team are left with the unenviable task of policing what is potentially an ever-expanding crime scene. However, if the IT department adopts a forensic-style approach to identifying where and when a breach has occurred, then it should not take Sherlock Holmes to mitigate data risks for the organisation in the future.

Is it an inside job?

CIOs, CSOs and CISOs have a tendency to focus on security threats that come from outside their organisation. Whilst it is certainly true that many high-profile data breaches come from outside the corporate network – the Target and JPMorgan Chase breaches, for instance – dealing with attacks on privacy and security from ‘insiders’ who are privy to the network can present an even bigger challenge.

Breaches that are caused by an insider are known as data leaks. Whilst they may not be as infamous as external hacks, Morgan Stanley, Goldman Sachs, Experian and Microsoft have all suffered the consequences of a ‘trusted source’ leaking confidential information.

Oct-Dec 2015 Issue