Anyone who is responsible for ensuring the security of confidential data has an obligation to protect the data being communicated over both the network domain they administer, as well as external (untrusted) networks. Despite the promises made by external service providers, including carriers, cloud, hosting, or others attesting to the security of their respective platforms, the accountability for the protection of this confidential data remains the responsibility of those entrusted with its care, custody, and control.
The methods to protect data being transported over communications networks depend on the type of network (public or private), the type of data, who needs to access the data. Typically, this process is addressed through the application of various security types of applied cryptography. Such examples can include:
- Securing Wifi Networks
- Virtual Local Area Network (VLAN) channels to segregate networks within a managed environment
- Virutal Private Networking (VPN) to create a secure communications channel over an untrusted network.
- Transport Layer Security (TLS) for secure point-to-point communications between apps and services.
- File Encryption to ensure the security of files at rest either in the internal network environment, or in external cloud storage and archive environments.
Entrusting an external party, not employed by the organization, to manage security may expose the organization to risk, as the service provider party may not have the authorization to access the unprotected data placed under their care, custody, and control. Before engaging an external party to manage, transport or store confidential data, the data itself, and the mode of transport must first be secured.
Cryptography - Data Encryption“If you do not maintain the keys to the cryptography used to secure your data, then your data is not secure”
All confidential files, whether stored on a local network server or workstation must be protected from access by any unauthorized party. This can include external threat actors, internal staff, or IT/Security administrators with broad access.
5-L can guide you in the development of effective policy and implementation.
