{"id":49985,"date":"2023-01-05T00:00:00","date_gmt":"2023-01-05T00:00:00","guid":{"rendered":"urn:uuid:5dd08571-785e-83e4-3fd5-f453f11f5fd4"},"modified":"2023-01-05T00:00:00","modified_gmt":"2023-01-05T00:00:00","slug":"why-data-hygiene-is-key-to-industrial-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/why-data-hygiene-is-key-to-industrial-cybersecurity\/","title":{"rendered":"Why Data Hygiene is Key to Industrial Cybersecurity"},"content":{"rendered":"

<\/p>\n

<\/div>\n

If there\u2019s a common denominator to today\u2019s security woes, it\u2019s complexity. Industrial and enterprise IT environments are more open, interdependent, and essential than ever before. Practicing good data hygiene is one of the best ways for organizations to protect themselves, and it starts with a zero-trust approach to network access.<\/p>\n

Complexity is a security risk<\/span><\/p>\n

Part of what makes IT environments so complex today is the distributed nature of industrial and business operations, which decentralizes technology planning, causes \u201carchitecture sprawl\u201d, and makes it hard to enforce security policies consistently. Those problems are compounded by growing technical debt as organizations defer upgrades or pursue them haphazardly instead of in a coordinated way.<\/p>\n

Virtually every connectivity trend seems to contribute to the growth of complexity, from widespread IoT deployments and IT\/OT integrations to hybrid work models that make security conformance challenging<\/a>, and cloud deployments fraught with vulnerability-inducing compliance and misconfiguration issues<\/a>.<\/p>\n

All of these are amplified when businesses participate in highly interdependent supply chains<\/a>. No single player has end-to-end control or the visibility to identify where dependencies and vulnerabilities reside. Amid this \u201cvendor sprawl\u201d, even participants with good internal security controls are at the mercy of the weakest link in the chain.<\/p>\n

For IT and network security teams already overwhelmed by alert volumes and ever-evolving threats, dealing with so much complexity can seem like a bridge too far. They need to augment their efforts with automation to get some relief.<\/p>\n

The catch is that automation tools must be implicitly trustable before organizations can \u201chand over the keys\u201d for machines to run any part of security operations. That hinges on the quality of the data the systems must work with\u2014which makes good data hygiene fundamental.<\/p>\n

Data hygiene depends on zero trust<\/span><\/p>\n

\u201cHygienic\u201d data is accurate, complete, reliable, and up to date. Zero-trust principles<\/a> contribute to data quality by strictly controlling who creates, accesses, modifies, and shares it.<\/p>\n

The root assumption of zero trust is that no resource interacting with enterprise IT systems is inherently trustworthy. A \u201cresource\u201d may be an individual, a data set, a corporate or personal user device, and even a cloud service or software-as-a-service (SaaS) solution. Because trust is not inherent or assumed, whenever a resource requests access to corporate data, its security posture must be assessed: no one gets grandfathered and there are no free passes.<\/p>\n

At the same time, the approach recognizes that trust is not a fixed state. That means it must be monitored and re-verified continuously throughout a transaction. Any increase in risk profile can cause an exchange to be shut down, accounts to be reset, or other actions taken to contain potential issues.<\/p>\n

Several zero-trust precepts follow from all of this:<\/p>\n