Why Data Hygiene is Key to Industrial Cybersecurity

If there’s a common denominator to today’s security woes, it’s complexity. Industrial and enterprise IT environments are more open, interdependent, and essential than ever before. Practicing good data hygiene is one of the best ways for organizations to protect themselves, and it starts with a zero-trust approach to network access.

Complexity is a security risk

Part of what makes IT environments so complex today is the distributed nature of industrial and business operations, which decentralizes technology planning, causes “architecture sprawl”, and makes it hard to enforce security policies consistently. Those problems are compounded by growing technical debt as organizations defer upgrades or pursue them haphazardly instead of in a coordinated way.

Virtually every connectivity trend seems to contribute to the growth of complexity, from widespread IoT deployments and IT/OT integrations to hybrid work models that make security conformance challenging, and cloud deployments fraught with vulnerability-inducing compliance and misconfiguration issues.

All of these are amplified when businesses participate in highly interdependent supply chains. No single player has end-to-end control or the visibility to identify where dependencies and vulnerabilities reside. Amid this “vendor sprawl”, even participants with good internal security controls are at the mercy of the weakest link in the chain.

For IT and network security teams already overwhelmed by alert volumes and ever-evolving threats, dealing with so much complexity can seem like a bridge too far. They need to augment their efforts with automation to get some relief.

The catch is that automation tools must be implicitly trustable before organizations can “hand over the keys” for machines to run any part of security operations. That hinges on the quality of the data the systems must work with—which makes good data hygiene fundamental.

Data hygiene depends on zero trust

“Hygienic” data is accurate, complete, reliable, and up to date. Zero-trust principles contribute to data quality by strictly controlling who creates, accesses, modifies, and shares it.

The root assumption of zero trust is that no resource interacting with enterprise IT systems is inherently trustworthy. A “resource” may be an individual, a data set, a corporate or personal user device, or even a cloud service or software-as-a-service (SaaS) solution. Because trust is not inherent or assumed, whenever a resource requests access to corporate data, its security posture must be assessed: no one gets grandfathered and there are no free passes.

At the same time, the approach recognizes that trust is not a fixed state. That means it must be monitored and re-verified continuously throughout a transaction. Any increase in risk profile can cause an exchange to be shut down, accounts to be reset, or other actions taken to contain potential issues.

Several zero-trust precepts follow from all of this:

  • Access is always session specific. Trust must be established before access is granted, with only the most restricted privileges assigned to complete the given task.
  • Perimeter-only security is not enough. Classic security approaches provide a “single door” for resources to access corporate assets and systems based on their initial network location and identity. But once inside, malicious actors can exploit that access, moving laterally through the network. Location should always be tracked, and privileges should be based not only on identity but also specifically on what a user or resource is there to accomplish.
  • Access policies should be dynamic, not fixed. This allows trust to be contextual and adaptable to changing conditions based on business needs, risk tolerance, monitoring data, usage patterns, network locations, times of day, the presence of active attacks, and other variables.
  • Authentication and authorization must be strictly enforced. These should be based on a formal identity, credential, and access management (ICAM) system that includes multifactor authentication. Like access, authentication and authorization should be dynamic—with consistent scanning for and assessment of threats, and with policies re-evaluated according to context and real-time conditions.
  • Analytics help make security stronger. By collecting information on resource and asset security postures, traffic patterns, access requests, and more over time—and analyzing them for patterns—organizations can strengthen cybersecurity and data quality on an ongoing basis.

With these aspects of the zero-trust stance in place, organizations can be assured of better data hygiene because the information in their systems only ever comes from trusted sources and is highly traceable.
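The precepts above (session-bound access, least privilege per task, dynamic context-based policy, and continuous re-verification) as an added example of a small policy decision point; this is illustrative code, not code from the original article, and the risk weights, scope names and `Context` fields are assumptions chosen for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class Context:
    """Constructed request context; the same record is re-evaluated during a session."""
    user: str
    mfa_verified: bool
    device_compliant: bool
    location: str        # "office" or "remote"
    hour: int            # local hour of day, 0-23
    active_attack: bool  # SOC has declared an active incident
    purpose: str         # what the resource is there to accomplish

# Least-privilege scope per stated purpose (hypothetical scope names).
PURPOSE_SCOPES = {
    "read_telemetry": {"telemetry:read"},
    "update_firmware": {"telemetry:read", "firmware:write"},
}
DENY_AT = 60       # risk at or above this denies or ends the session
STEP_DOWN_AT = 30  # risk at or above this drops write privileges

def risk_score(ctx: Context) -> int:
    """Additive risk from the contextual signals the policy tracks (assumed weights)."""
    score = 0 if ctx.device_compliant else 30
    score += 10 if ctx.location == "remote" else 0
    score += 10 if ctx.hour < 6 or ctx.hour >= 20 else 0
    score += 40 if ctx.active_attack else 0
    return score

def decide(ctx: Context) -> tuple[str, frozenset]:
    """Return (decision, granted scopes); MFA and a known purpose are hard requirements."""
    scopes = PURPOSE_SCOPES.get(ctx.purpose)
    if not ctx.mfa_verified or scopes is None:
        return "deny", frozenset()
    score = risk_score(ctx)
    if score >= DENY_AT:
        return "deny", frozenset()
    if score >= STEP_DOWN_AT:  # contextual trust: keep read access, withdraw writes
        return "allow", frozenset(s for s in scopes if not s.endswith(":write"))
    return "allow", frozenset(scopes)

class Session:
    """Scopes are bound to one session and only ever shrink or vanish as context changes."""
    def __init__(self, ctx: Context):
        self.state, self.scopes = decide(ctx)

    def reverify(self, ctx: Context) -> str:
        """Continuous re-verification: never widen scopes mid-session, only narrow or end."""
        state, scopes = decide(ctx)
        self.scopes = self.scopes & scopes
        if state == "deny":
            self.state = "terminated"
        return self.state
```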