Threats to data security come in many forms, from ransomware attacks to insider threats, or even accidental misuse. Most entities think that the best way to prevent compromise of confidential and regulated data such as PII, HIPAA, and FERPA data is through significant investments in networking, infrastructure, and application security. While these investments remain critical to any entity’s overall cybersecurity strategy, gaps still exist in the protection of confidential and regulated data.
The OnData Platform is a cloud-based data security platform specifically designed to simplify and enhance the management and protection of confidential and regulated data by leveraging a cutting-edge data security approach first used by the payment card industry to combat fraud. OnData’s patent-pending technology significantly enhances an entity’s ability to protect confidential and regulated data against both internal and external threats.
A recent article published in Tech Target included a comprehensive list of the top ten data security best practices. The table below lists the critical data security best practices identified by Tech Target, along with information on the OnData platform capabilities available to automate and streamline the implementation of these data protection best practices.
|Data Security Best Practices||OnData Platform Capabilities|
|1. Catalog All Enterprise Data – To protect data it is critical to create and maintain a comprehensive data inventory.||The OnData platform automates the inventory of confidential and regulated data. OnData captures critical elements stored in databases to provide a unified view of database schemas and changes over time.|
|2. Understand Data Usage – For optimal security, data must be protected in all states, in motion, at rest or in use.||While the majority of data security controls focus on protecting data in transit and at rest, OnData also protects data in use by encrypting data at run time.|
|3. Categorize Data – Classifying data into classes such as public, sensitive, and confidential is an important step in determining how data is protected and who has access.||The OnData platform streamlines and standardizes data classification with robust data classification features, including drop down menus with defined classifications based on data sensitivity levels to enable and facilitate assignment of encryption and data access rules and policies.|
|4. Use Data Masking – A significant weapon against data loss is making any data stolen unusable to the attacker. Data masking enables users to perform tasks on functionally formatted data without requiring or exposing the actual data.||The OnData platform provides configurable data masking rules that include value list, value range, or related table columns.|
|5. Use Data Encryption – Encryption uses a cryptographic algorithm and secret keys to ensure only authorized users can read the data. If encrypted data is stolen by attackers, it cannot be read, and therefore the attackers gain no value from the data, making it one of the best ways to safeguard valuable info.||The OnData Platform leverages the NIST standard encryption algorithms based on AES 256 standards to encrypt confidential and regulated data at runtime, which means the data is encrypted and protected at all times, not just in transit and at rest.|
OnData uses format preserving encryption algorithms to ensure encrypted data works well with applications and provides a dropdown list of encryption rules for the various types of confidential and regulated data.
|6. Implement Strong Access Controls – Establishing strong access controls is necessary to ensure confidential and regulated data is only available to users who require access to do their jobs.||OnData automates enforcement of data security policies and rules through data access rules that are easily enforced at the data tier and ensure only users with a need-to know can see the actual data. Unauthorized users only see encrypted or masked data.|
|7. Create data collection and retention policies – Establish rules for what data must be encrypted and who has access.||The OnData platform automates the establishment of data access and encryption policies and rules for confidential and regulated data.|
|8. Conduct Security Awareness Training – Educate users who have access data about the importance of data security.||OnData implements many security best practices to protect confidential and regulated data, such as multi-factor authentication (MFA), audit logging, and automated key refresh, these practices can be illustrated in training sessions.|
|9. Back Up Data – Availability and integrity of data are as important to security as confidentiality.||OnData automates the backup and restore validation of databases. The backups are stored in immutable storage in the cloud to ensure the availability and integrity of data at all times.|
|10. Use Data Loss Prevention (DLP) – DLP consists of technologies, products and techniques that automate the tracking of sensitive data.||The OnData platform includes a robust audit logging feature that tracks the access of confidential and regulated data. The access to confidential and regulated data can be automatically turned off when any suspicious activity is detected by monitoring the audit logs.|
The OnData Platform automates and streamlines the implementation of data security best practices identified by industry experts. It provides comprehensive data classification, data encryption, data access control, and data masking features to ensure the security, availability, and integrity of the confidential and regulated data.