TMCnet Feature
May 25, 2022

Business security and the data-centric security model

Data is one of the most important resources any organization has, which makes data protection a top priority for any business. Many companies invest heavily in building large perimeters of security measures around their systems, trying to protect themselves from all kinds of external threats – ransomware, malware, hacking, etc.

Unfortunately, external threats are not the only ones a company faces – there is another category of events that cause data breaches, and this particular category has been on everyone’s mind for a while now.

This category is called the “insider threat”, and it can be split into two broad parts. The first covers internal users who have access to sensitive data – here the insider threat is an accidental mishandling of information by an employee or a contractor that results in protected information being transferred out of the protective perimeter. The second covers employees who deliberately attempt to steal information for personal gain or some other reason.

As you can see, the main difference between the two is intent – the first is accidental, the second is intentional. At the same time, both categories describe people who already have access to sensitive information, and this is why no organization in the world is immune to the insider threat as a type of data loss.

The problem here is that “perimeter” security systems were originally designed quite a while ago and are primarily used to combat external threats. Many systems have evolved dramatically since then, and each company now has a large number of people who have access to internal or sensitive information – a threat that traditional methods are largely unable to prevent or even detect.

There are three main reasons why a more traditional security system is unable to protect data properly in the modern world. The first reason is that employees rely on access to different kinds of data in order to do their jobs properly. No classic system can detect or control a user’s interactions with information once that user has accessed the data for the first time.

Threat detection and behavior analysis are just as ineffective here, since both are designed to detect the root of the problem once it has already happened – this is unacceptable for a data protection system. Even with the most modern threat detection and behavior analytics, it takes about a year on average for a company to detect that an insider breach has happened at all.

The second reason concerns the modern flow of information in general: a regular employee can access the same data from the office, from home, from a random place such as a coffee shop, or even from a mobile device. Each additional device makes it harder for the security system to detect everything – most systems already cannot do that, and the range of devices used in daily operations keeps growing.

The third reason partly continues the second – there are many apps that can be used to access information, and many different ways to access it. A single piece of data can be accessed, copied, downloaded, shared via email, a chat system, cloud sharing, etc., used in collaboration with third parties, and more. No traditional system is able to keep up with this many different operations.

This mass of issues practically rules out any modification of the old security scheme, calling for a completely new approach that is built from scratch to accommodate the current world’s needs. Trying to control the containers that store the data is clearly not working, and the number of data breaches is strong evidence of this, since the inability to track and control data in motion is a large issue for these systems.

A more modern approach would be based completely on securing and controlling the data itself, rather than the location where it is stored. This approach is called data-centric security, and it has been recognized by a number of organizations and government institutions, including NATO, NIST, and more.

This approach relies on a number of methodologies that serve as the baseline for an entirely new framework of data protection. These include data discovery and classification, data encryption, attribute-based access control, data loss prevention techniques, zero trust access methodology and digital watermarking – and this list is far from complete.

Generally speaking, you can build many layers that protect your data from external attacks, but counteracting insider threats takes an entirely new system to be even remotely effective – and data-centric security is a good example of such a system, one that has proven to be rather effective in this regard.
