In response to the new challenges of information security and data protection and privacy, we have seen the emergence of entirely new types of network structure - what most people call data architectures.
Only in recent years, for example, has there been talk of application-based network architectures and the growing popularity of new cloud-based architectures.
All these architectures are great if used correctly. But network and security engineers must also recognize that no matter how contemporary and sophisticated their data architecture is, there are some cyber security threats that are just as dangerous today as they were a decade ago.
New architectures, old challenges
The first and most important point to see here is that, although the last decade has seen the emergence of many different types of data architectureThe basic signature, vector and mechanism for cyber attacks remain the same.
An attacker tries to gain unauthorized access to your systems through a weak point in your authentication protocols, moves laterally through the system, increases the level of access they have and then steals valuable data.
Thus, regardless of the cloud computing architecture used, you need to be able to do three things:
- Identify unauthorized access
- Prevent lateral movement
- Stop the theft of valuable data.
Defining exactly how you do this depends on your data architecture, but it's worth a little secret - no data architecture will automatically defend you against cyber attacks.
In fact, in many cases, the more complex the architecture, the more likely you are to see a successful attack and the more complicated it will be to clean up afterwards. With more moving parts, you have more things to control, and that can be a big challenge.
This is particularly true when databases have three main attributes:
- Contains confidential information
- There is no clear ownership and responsibility for your safety
- They have links to other data sources.
A classic example here is worker databases, which are generally used by various agencies and companies, all of which assume that others are responsible for safety.
This "nebulous" architecture is one of the reasons why databases with workers' personal data are hacked so regularly and one of the reasons why it is important to have a well-defined data architecture.
Protecting your architecture
There are some emerging approaches that make it easier to protect modern data architectures. So let's take a look at them.
Mapping the landscape
You can't protect a territory you don't know. That's why the first step in protecting any system is to map its landscape. This used to be a fairly simple job that an intern could do in a week.
Now, the complexity of contemporary architecture means that you will have to use automation to map data flows and authentication structures.
Fortunately, there are tools that can help you do this. Data security solutions support the evolving data landscape across a variety of entities - databases (DBs), database as a service (DBaaS), files and data services - and are particularly useful when it comes to securing hybrid and multi-cloud.
Data-centric controls
Protecting complex data architectures can only be done efficiently by recognizing that users are likely to need equally complex access profiles in the various parts of their systems.
Secondly, you must recognize that access in itself is not a negative thing - what matters is protecting your data.
For this reason, complex architectures may require you to switch to data-centric management. This means assigning security controls to individual data storage structures, not just the systems that access them, and making access to this data one of your key performance indicators.
Real-time analysis
The dynamism involved with contemporary data architectures can make them very difficult to protect, but it can also provide security analysts with a much richer picture of how their systems are actually working.
In fact, one of the most important developments in recent years has been the ability to monitor data activity in real timeeven in hybrid cloud environments.
This functionality was largely developed to carry out real-time threat detection in the automotive industry, but has found applications far beyond it.
The central idea here is to "sniff" data-related traffic, checking the origin and destination of a specific data source. This agent- and proxy-based method is built-in, which means it can perform actions in real time, such as composing data and blocking access if specific rules are violated.
Build strong foundations
Finally, it's worth thinking about how these tools can contribute to your long-term planning.
After examining the above solutions - mapping their systems, moving to data-centric management and collecting real-time analytics - many network administrators are in for a nasty shock: the advanced data architecture they have implemented is actually much less secure than the one they recently migrated from.
As such, it is important to highlight the architectural planning and development process. Ideally, network mapping should be used to inform the future development of your architecture, allowing it to become more secure as it simultaneously grows in functionality and sophistication.
Complex cloud architecture types don't need to be insecure - they just need to be built at the same level of supervision as the systems and architectures they are replacing.
To find out more about how to choose the best architecture and how to protect it from possible attacks, contact the experts at Conversys now and learn about Aruba Networks' security, network management and connectivity solutions. We're here to help you overcome new challenges.
About Conversys
Conversys IT Solutions is a provider of Information and Communication Technology services and solutions operating throughout Brazil.
With a highly qualified technical and commercial team and a network of partners that includes the main global technology manufacturers, Conversys IT Solutions is able to deliver customized IT and Telecom Infrastructure solutions to clients.
We invest in our employees and partners and strive for a lasting relationship with our clients, as we believe that this is how we gain the skills and knowledge necessary to innovate and generate value for the businesses in which we operate.[/vc_column_text][/vc_column][/vc_row]
