In the digital business world, enterprise network boundaries keep expanding with the adoption of remote access, Internet of Things, Bring your own device (BYOD) and cloud services. This expansion is resulting in increased attack surface and data-related breaches. This is to the extent that third-party breaches are now the most expensive incidents for both enterprises and small and medium sized businesses.
There are, however, measures that a company can take to solve such problems. To find out more, Digital Journal caught up with Eitan Bremler of Safe-T, a company specializing in zero-trust access solutions.
Digital Journal: How important is digital transformation for businesses?
Eitan Bremler: Digital transformation is highly critical for business, this is due to their customers pushing to move from paper-based transactions to paperless/digital services. This includes all means of communication with the business – receiving emails from the business (with/without files), sending/uploading files to the business, getting online information, etc. The move to digital allows business to not only “go green” but also reduce the costs of manpower, office space, paperless, etc.
DJ: What are the risks associated with digital transformation?
Bremler: The risks of digital transformation is that now the business is open to the internet. If before when the business was paper-based (no digital services), the cyber footprint was minimal and cyber-attacks were minimal; once the business becomes digital, the cyber footprint grows exponentially and with it the risk of attacks – hacks, DDoS, data theft, data leakage, ransomware, etc.
DJ: Are these risks the same for all businesses?
Bremler: I think the risk for digital businesses is the same across verticals. The difference is in the level of attacks which depends on the profile of the business, and how valuable it’s data is.
DJ: Are the risks equally the same for IoT, BYOD and cloud services?
Bremler: I think that IoT and BYOD are part of digital transformation and add more attack vectors. For example, before IoT, there was no concept of headless devices “calling home” over the internet, but rather radio (at best). Now with all of the IoT devices calling home, the risk of an army of devices attacking a business has grown.
DJ: How can companies best secure sensitive data?
Bremler: Companies who wish to secure their sensitive data must invest in a solution which will control three aspects of data protection.
First, control access to data – by authenticating the user prior to providing access. This will ensure that unauthenticated parties (i.e. attackers) can never reach the data, as they will never be granted access. This prevents external attacks such as DDoS or external data theft.
Second, control the usage of data – controlling access is not enough, a business must also ensure they control the usage of data, for example, what can a user do with files he is granted access to. This will prevent attacks such as data leakage, data manipulation, internal data theft and ransomware.
Third, monitor user behavior anomalies – analyze user behavior in order to detect anomalies.
DJ: What can be done to best control data usage?
Bremler: Data usage is best controlled by disconnecting the user from the data. The data protection solution must act as a proxy/broker between the user and the data. This allows enforcing policies and workflows on the user. For example, when a user tries to copy out a file, the data usage solution will ensure the user has those permissions and will also pass the file via a DLP to make sure the files can be extracted. Or when a user uploads a file into the storage, the solution will pass the file via a sandbox to ensure the file is not malicious.
DJ: How can businesses reduce the attack surface?
Bremler: Reducing the attack surface is achieved by authenticating the user prior to providing access. This will ensure that unauthenticated parties (i.e. attackers) can never reach the data, as they will never be granted access. This effectively reduces the attack surface as services are not openly exposed to the outside world.
DJ: What services does Safe-T offer?
Bremler: Safe-T’s solution is called Software Defined Access. The solution comprises of 3 components – Trusted Access, Trusted Control, Trusted Reporting. These 3 components provide end-to-end protection on data, by controlling data access and usage. And in addition, monitor user behavior to detect anomalies.
