It’s About the Data Security!

It seems like every week in the news, there’s some new threat or incident involving data security.

This time it’s the U.S. Customs and Border Patrol (CBP). Well, a subcontractor of theirs anyway. CBP just announced that one of its subcontractors suffered a cyber breach. Unauthorized data access is typical in a breach, and this is no exception. CBP acknowledged there was unauthorized access to license plate images and public traveler images in the subcontractor’s possession. What makes this incident different is that in addition to the main breach, the subcontractor was not authorized to have this data on its network. The data shouldn’t have been there to begin with.

This latest CBP breach is another illustration of a common characteristic which many breaches share. Breaches often don’t originate within the main corporate (data owner) network. They start with weaker partner organizations first and then spread from there to various degrees.

No longer can you think of data as being something which is created and stays in a defined place. Data and metadata get created and often travel to many destinations as they are processed and used. Securing data requires that you understand the lifecycle of the data you are responsible for, where it goes and how it is used, and what controls are in place to protect it. How do you go about doing this?