While malware and hacking techniques are undoubtedly growing more complex, a surprising number of data breaches could be thwarted by implementing network security protocols that have long been considered fundamental to protecting networks. Network segmentation—splitting a network into separate subnetworks and appropriately regulating and monitoring access to each of them—is a tried-and-true way to prevent hackers from getting their hands on data. And it’s a method that TechTarget posits has the capacity to drastically cut down on the severity of data breaches or prevent them entirely.
So how can your clients strengthen their digital security through network segmentation? The following three tips will help you understand how your clients can best make use of this networking best practice—one that could keep them cybersecure and out of the data breach headlines.
The Importance of Access Control
The Target data breach of 2013 has become a go-to cautionary tale in the world of cybersecurity. During the event, hackers were able to siphon tremendous amounts of customer credit card data from the retailer’s point-of-sale system. Perhaps one of the most disturbing revelations about the breach was that the hack, though monumental, was not all that high-tech.
The perpetrators of the hack stole third-party credentials from an HVAC company that had been granted network access. They then used those credentials to jump around the network until they reached the point-of-sale system and ran malware to infect the point-of-sale terminals. Experts agree that using simple, adequate network segmentation could have kept them out of the point-of-sale portion of the system, minimizing the damage.
Network segmentation keeps third parties and other users from accessing any part of the network beyond what they need for their duties. It allows enterprises to keep users out of segments they have no reason to reach and to set unique access controls around each segment. That way, if a hacker gains access to a network through a third party with lax security standards, they’ll be stuck looking at only the data that the third party had access to and won’t be able to jump through the network and run roughshod over the entirety of the company’s resources.
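The following is an added example, not part of the original article: a default-deny policy between segments, used to audit flow records for traffic that crossed a segment boundary without an explicit allow rule. The segment names, address ranges, ports and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed segment map; names and address ranges are assumptions.
SEGMENTS = {
    "vendor":     ipaddress.ip_network("10.10.0.0/24"),  # third-party access
    "corporate":  ipaddress.ip_network("10.20.0.0/16"),
    "facilities": ipaddress.ip_network("10.30.0.0/24"),  # building systems
    "pos":        ipaddress.ip_network("10.40.0.0/24"),  # point-of-sale
}

# Default deny: only these (source segment, destination segment, port)
# combinations may cross a segment boundary.
ALLOWED = {
    ("vendor", "facilities", 443),
    ("corporate", "pos", 8443),
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def evaluate(src, dst, port):
    """Return 'allow' or 'deny' for one flow under the policy above."""
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "deny"   # addresses outside every segment get no access
    if s == d:
        return "allow"  # assumption: intra-segment traffic is handled locally
    return "allow" if (s, d, port) in ALLOWED else "deny"

def audit(flows):
    """Return the flows that the policy would deny."""
    return [f for f in flows if evaluate(*f) == "deny"]

# Constructed flow records: (source IP, destination IP, destination port)
SAMPLE_FLOWS = [
    ("10.10.0.15", "10.30.0.8", 443),     # vendor -> facilities, allowed
    ("10.10.0.15", "10.40.0.21", 445),    # vendor -> pos, no rule
    ("10.20.4.7", "10.40.0.21", 8443),    # corporate -> pos, allowed
    ("10.10.0.15", "10.20.1.1", 3389),    # vendor -> corporate, no rule
    ("192.168.1.5", "10.40.0.21", 8443),  # source outside every segment
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("policy violation:", flow)
```

Run against real flow logs, any output from a vendor segment is a sign that either the policy or the enforcement point needs attention.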
Keeping Important Information Restricted to Fewer Spots
At a time when many are focusing on creating data redundancy through multiple backups and cloud storage in order to make sure that critical information isn’t wiped, it might seem counterintuitive to talk about minimizing the number of spots where data reside. But when thinking about organizing a network into segments for security purposes, it makes sense.
If credit card data, for instance, reside in a segment of the network with highly restricted access, but then end up being ported to and stored in a less walled-off segment of the network to share with a consultant, that can compromise the effectiveness of the segmentation. Making sure that valuable data are kept in as few places as possible and accessible only by those who absolutely need them on a network with high-quality monitoring solutions in place is critical to making segmentation work.
Sharing data is often vital, but make sure that your client is always sharing in a smart way, with adequate access controls in place.
Planning Ahead and Staying Ahead
You wouldn’t buy a safe for your jewelry and then place the jewelry next to the safe instead of locking it inside. Just as you would make sure that everything that needs to be secured under lock and key in a physical space is adequately protected and available only to the people who need access to it, you should do the same when building out and segmenting a network.
In order to do this, strategy is key. Segmentation takes expertise and planning to figure out where data will reside and who has access to the data. And it’s an ongoing responsibility to determine how segments and access rules must change as the network grows. But with data breaches so rampant, building network architecture that keeps unwanted visitors out of all the places on a network where valuable information resides should be a top priority. Guiding your clients through every step of the process is a surefire way to improve their digital security.
How have you seen network segmentation utilized in the field?