“As the enterprise embraces the broader market opportunity around the cloud and an increasingly distributed workforce, they need to rethink their entire approach toward data privacy and security,” says James Beecham, CTO, ALTR, in an exclusive interview with ITSecurityWire.
ITSW Bureau: What has the pandemic taught us about data security?
James Beecham: With the introduction of regulatory frameworks like the GDPR and CCPA, most companies had already started to increase their awareness of data security and privacy with stricter rules and better standards that protect both data and data subjects.
The pandemic has made this more complicated because companies now have to balance two somewhat competing priorities—protecting public health and protecting data. Remote work, more commonly known as the New Normal, was already a trend in the enterprise. But, alongside the potential to save millions of lives, it also has serious implications around data security and privacy.
The modern enterprise was already dealing with eroding data control boundaries, driven by cloud adoption, but the New Normal is compounding this erosion, leading to faster adoption of new security technologies and SaaS products.
ITSW Bureau: If data security has now become a priority, what new challenges will the enterprise face?
James Beecham: Legacy security solutions, which are designed to control data access at the infrastructure level, were never meant for the cloud. But as the New Normal is making clear, infrastructure is now increasingly abstracted from the data which flows across it.
Entire workforces, including the c-suite, are outside the perimeter and the data they work with—the lifeblood of every enterprise—is at risk for attack and exploitation.
As the enterprise embraces the broader market opportunity around the cloud and an increasingly distributed workforce, they need to rethink their entire approach toward data privacy and security. This means shifting the entire mindset towards making data security and protection more flexible and portable.
ITSW Bureau: What risks are associated with unchecked data consumption?
James Beecham: Data access requests typically let authorized users consume data without limits. Organizations that do not place limits on sensitive data consumption are in dangerous territory as they open themselves up to virtually any type of failure, including credentialed access threats and SQL injection attacks.
Verizon’s latest Data Breach Investigations Report states that inside actors are involved in 30 percent of data breaches, and more than 80 percent of hacking-related breaches involve the use of brute-force attacks or stolen credentials. Obviously, credentialed access is simply not enough to protect data.
Enterprises must consider the financial and reputational impacts of a single data breach or incident. CCPA fines can be as much as $7,500 per compromised data record, for instance, and the knock-on effects for brands and business operations pile up quickly. Resources are spread thin as team members turn into firefighters, customers lose trust, and people’s lives can literally be turned upside down.
ITSW Bureau: What steps can enterprises take to mitigate these risks and ensure they are protected?
James Beecham: Enterprises and other data-driven institutions need to adopt modern SaaS and cloud-based solutions that provide observability and control over data consumption. These types of solutions provide confidence in the security of the organization’s data, no matter where it lives, so they can not only protect data in real-time but take full advantage of both on-prem, cloud, and hybrid IT configurations.
In fact, it’s the only way they can confidently and securely operate in the New Normal. I am 100% confident that a SaaS provider is more focused and up to date on security best practices than 99% of businesses today.
ITSWBureau: How is technology developing to combat these new threats?
James Beecham: The trend is toward technology that can spot abnormal data consumption, limiting data loss when unauthorized access happens. ALTR DSaaS observes data flows and recognizes abnormal patterns when data consumption exceeds predetermined policy thresholds or access to data is outside the norm for a user, and limits or stops aberrant data consumption as it happens. Think of it like accessing money with a credit card—it’s not about who has the card in their hands, but rather observing spending habits and alerting the cardholder or blocking transactions when activity looks suspicious.
James Beecham is a Computer Engineer and Entrepreneur. James co-founded ALTR, an information security startup, where he currently works as CTO and has been issued two patents on ALTR’s proprietary blockchain technology.Previously, James worked at Dash Financial as the technology R&D lead, where he developed risk layers and algorithmic protocols for Dash’s electronic trading platform. James graduated from the University of Texas at Austin with a degree in Electrical and Computer Engineering, where his focus was embedded systems.