Structure your unstructured data security strategy

Threats to your data—the lifeblood of your business—are all around the enterprise. Whether the threat is state-sponsored attackers seeking to steal your customers’ personally identifiable information (PII) or simply the unintended exposure of valuable intellectual property, you need to be able to identify sensitive data that's subject to abuse, classify it appropriately, and defend it with data-centric controls that persist with the data as it’s moved, used, and stored across a global enterprise.

Mandates such as the EU's General Data Protection Regulation (GDPR) and the pending California Consumer Privacy Act aim to enforce penalties for data privacy violations. But beyond compliance, the upside of reliable data protection is that it enables you to use your data appropriately, as your customers and shareholders expect, in order to create new business value with great products and services.

Users today are on high alert; lose or abuse their data, and you'll lose their trust, your advertising dollars—you name it. But get it right, and you can more quickly outpace your competition. You can use that data to gain more insights with new applications, increase brand loyalty by understanding your business and customers better, and improve your offerings as a result. Trust assurance is good for business.

Here's why you should structure your unstructured data security strategy, along with innovations to help you protect what matters most—your users, apps, and data—with highlights from relevant talks at the upcoming Cybersecurity Summit in Washington, DC, this September 25-27.

Gartner Market Guide for Data Masking 2018

The challenges of controlling unstructured data

While there are tools to help better manage the types of structured data you typically find in databases and data lakes to cover sensitive field-level data—such as usernames, Social Security numbers, and so on—it’s often the unstructured data found in files, such as documents and spreadsheets, that's trickier to manage, and can create higher risk.

By definition, “unstructured” means you have free-form movement of potentially sensitive data in files with controls that can quickly become ineffective outside of specific systems or applications where those files are contained and controlled. Once that file is exported, all bets are off.

Here are three examples of the types of risks likely affecting your organization today:

  • Spreadsheets shared with colleagues across untrusted public networks: What’s in them? Who should access them?
  • Customer contact information in a text document sent by email from an Internet café: Is that network secure?
  • Confidential customer references downloaded in a slide deck that's stored on unrestricted internal servers: Who has access for collaboration?

How many of these scenarios exist inside or outside of your network? To what extent? Do you operate in dual-use or multi-user environments such as an HMO, military contractor, or public cloud? And how do you minimize the risks of improper data exposure across all these various scenarios?

You most likely can’t. But you should at least know the extent of the threats as a starting point, and from there you can start to look at implementing the right controls needed. 

How to solve the unstructured data problem

There's a better way to address the safe handling of both structured and unstructured data: Leverage industry-proven, vetted technologies and best practices.

The upcoming Cybersecurity Summit will be covering both topics, but the unstructured data problem will get a fresh look, with dedicated sessions during this year's event.

Here are some highlights of insights you'll get from data security subject-matter experts, partners, and customers to help your organization answer the who, what, where, and how of controlling access to unstructured data. Topics include: 

  • Unstructured data discovery: What do I have at risk?
  • Unstructured data classification: What sensitive information requires protection? 
  • Unstructured data protection via transparent file encryption techniques: How do I secure data while minimizing disruption? 
  • Access control via centralized policies that travel with the file: How do I persist controls, inside and outside my enterprise? 
  • File usage monitoring, alerting, and reporting: How do I quickly audit and remediate threats? 
  • Auditing and compliance for unstructured data regulatory compliance needs: How do I close gaps to comply with the latest mandates?

The summit will also cover a broad range of other topics core, including innovations to help you protect what matters most—your users, apps, and data. Here are highlights of the speakers, tracks, and sessions.

Cybersecurity Summit highlights

Track: Addressing threats, attacks, and breaches

Preparing for when your organization will be breached: Prioritizing and protecting

Discussion participants:
Micro Focus chief security strategist Shogo Cottrell
Security business strategist Paulo Veloso 

Preparing for breaches requires your organization to develop a better understanding of how to manage risks associated with the systems, data, and capabilities that are included in your critical infrastructure. As the threat environment develops, so too must enterprise security practices. 

This session will help security stakeholders understand that taking the time to identify critical systems within the infrastructure, risks that could impact these and roles and responsibilities of internal staff and external partners will help streamline efforts that set the stage for being able to effectively thwart attacks and minimize any damage caused by a breach.

Detecting and investigating threats: SecOps and analytics

Cory Kennedy, Centurylink

With limited budgets and resources, many security teams struggle to keep up with basic threats—never mind advanced and targeted ones. In fact, nearly half of all breach victims don’t even know they’ve been attacked until they’re notified by an outside party, often law enforcement. This session will discuss approaches that can help you detect known and unknown threats in your environment, as well as investigative actions you can take to address critical alerts.

Effective incident response: Security orchestration and automation (SOAR)

Miguel Carrero, chief revenue officer at Siemplify
Tammy Torbert, ArcSight Investigate product manager and global architect

Security orchestration and automation (SOAR) provides more time for your team to concentrate on the strategic insights of business and build a deeper layer of defense, as well as help connect the dots between activities and better inform security team members in the event of an incident. This session will discuss how SOAR can help your organization quickly respond to alerts and respond to incidents.

Track: DevSecOps

Prioritizing risk relative to mitigating vulnerabilities

Jimmy Rabon, senior product manager, Micro Focus Fortify
Lucas von Stockhausen, senior product manager and application security strategist, Micro Focus

Vulnerabilities at the application layer accounted for the majority of breaches in previous years. With the proliferation of applications, attacks targeting applications continue to be an increased risk for organizations of all sizes. This session takes a practical approach to prioritizing application-related risks and mitigating vulnerabilities efficiently through automation, integrations, and continuous testing.

Shifting security left: Bringing security into continuous integration and delivery

Brandon Spruth, senior engineering manager, Target
Brenton Witonski, application security consultant, Acxiom

If the notion of rapid development, rapid deployment, and continuous integration makes your security team nervous, you may be able to engage them by demonstrating how security doesn’t have to be an afterthought in the development process.

This session shows you how to leverage application security and identity and access management to build secure applications at the speed of DevOps.

Application security as a service: Start your application security initiative in less than a day

David Harper, practice principal, Micro Focus Fortify

Cybersecurity talent is hard to find and even harder to keep—especially application security specialists. Starting your application security practice from scratch or expanding the scope of the existing program can be challenging. Using application security as a service to kick-start or complement your program is an efficient and swift method for achieving desired results. This session offers up lessons learned from multiple implementations and proven ways to ramp up your application security by leveraging application security as a service.

Prioritizing risk relative to mitigating vulnerabilities

Jimmy Rabon, senior product manager, Micro Focus Fortify
Lucas von Stockhausen, senior product manager and application security strategist, Micro Focus

Vulnerabilities at the application layer account for the majority of breaches. As applications continue to proliferate, attacks targeting them present an increasing risk for organizations of all sizes. The presenters discuss a practical approach to prioritizing application-related risks and mitigating vulnerabilities efficiently through automation, integration, and continuous testing.

Track: Risk, privacy, and compliance

Privacy strikes back: Make sure it’s not at you

Joe Garber, global head of product marketing Micro Focus
Luther Martin, distinguished technologist, Micro Focus Voltage
Robert Roy, CTO for US public sector, Micro Focus Government Solutions (MFGS)
Max Averbukh, consultant

It's been said that 2018 is the year people lost their privacy. But regulators are enacting new legislation—or enforcing existing legislation—to ensure that people gain back their privacy in 2019 and beyond. This raises the stakes for global enterprises to improve data governance and protection throughout the data lifecycle. Strategies for risk mitigation include an interlock of tools and techniques to improve governance, manage identity, and protect data. But hidden in the process of identification, classification, and protection are major opportunities to create value for the enterprise and dramatically change the ROI calculation of compliance. 

Recognition and risk: Ensuring the right level of identity assurance

Rob MacDonald, director of solutions marketing, Micro Focus

Identity management is about ensuring that the right people have the right access to the right things at the right time. But identity assurance helps ensure that the people using those credentials are who they say they are. Organizations need to deliver trusted identities and trusted access. Users need secure access to many applications and resources to get their jobs done, from wherever they are in the world. 

Complications arise when delivering secure access because applications and resources are on-premises and in the cloud, and users expect to access them with mobile devices and desktops. In this sprawling, complicated landscape, organizations need a common, consistent means of securely authenticating users everywhere. 

IT organizations need an identity-centric, risk-based approach to identity and access governance, and must deliver security in an adaptive manner.

Cloud-based data privacy and protection: Protecting data and privacy across hybrid IT

Mathew Spitz, DevOps engineer, Esurance
Joe Garber, global head of product marketing, Micro Focus​​​​​​
Lacy Gruen, product marketing manager, Micro
Focus
Reiner Kappenberger, head of global product management, Enterprise Data Security, Micro Focus

Enterprises are adopting cloud environments and services wholeheartedly, using an average of 27 different SaaS applications, such as Salesforce and Microsoft Dynamics 365, to help run the business. They are spinning up workloads through Amazon Web Services and Azure, using cloud infrastructure for disaster recovery and more—and that creates major challenges for enterprises to govern data security and privacy across hybrid IT. 

Concerns about control over platforms, multi-tenancy, data residency, identity and access, collaboration, and data flowing into and between clouds are enough to keep a CISO awake at night. And don’t even mention shadow IT. Join a discussion on the challenges and best practices for data and identity governance and protection in hybrid IT.

Track: Enabling business through digital transformation

The hybrid enterprise: Working across on-premises, IaaS, PaaS, and SaaS

Rob Aragao, cyber security strategist, Micro Focus
Stan Wisseman, business solutions leader for security products, Micro Focus​​​​​​

As enterprises learn how best to leverage cloud computing, they often find themselves with a mix of on-premises, IaaS, PaaS, and SaaS products and struggle with how to integrate, coordinate, and manage them all. Learn why this doesn’t have to be a daunting task.

A risk-based security program approach: Security enables digital transformation and compliance

Peter Bronson, enterprise security business development manager, Canada, for Micro Focus
Michael Gutsche, chief security strategist, Micro Focus

Today’s organizations face continually changing threats to their business by way of their information systems. As the threats become more advanced and complex, internally and externally, it is critical for security organizations to adopt a risk-based approach to their security programs. Regulatory compliance, audits, and standardization are still necessary but are typically “moments in time” and don’t persistently protect what matters most. Many boards of directors are now challenging their IT/IS and security to identify where the real risks are and deliver strategies to address these risks. This session explores how the threats have changed and continue to evolve and why a risk based integrated approach is far more effective to move the needle of an organization’s security posture.

Improving the customer experience by understanding customer relationships

Rob MacDonald, director of solutions marketing, Micro Focus

This session describes how customer and employee expectations are shifting to focus on user experience. As technology continues to rapidly evolve, organizations must be able to adopt new innovations and the improved experiences that technology makes possible. Organizations must understand that customers will choose to engage with brands that can deliver an experience that is adaptive, personalized, and frictionless across various digital channels. Transforming the customer experience is at the core of digital transformations and IoT. 

Customer identity and access management (CIAM) is one of the key enabling technologies and solutions that make transformation possible, and CIAM is increasingly strategic in the identity and access management (IAM) arena. Identity is the entry point to digital business; it builds the identity relationships to ensure privacy and adaptive security controls.

Get up to speed on best practices for protecting both unstructured and structured data, as well as the innovations to help you protect what matters most—your users, apps, and data. Join us at the Cybersecurity Summit in Washington, DC, this September 25-27

Topics: Security