Who We Are
NJVC is the engine of the secure, integrated enterprise, delivering mission-critical IT solutions for critical missions in enterprise management & monitoring, hybrid IT transformation & optimization, cloud migration and cybersecurity.
For roughly 70 million households, the use of natural gas isn’t just a way to keep warm or a tool to learn that cleaning S’mores from fireplaces is a task fit only to produce great clouds of profanity; it’s a lesson that data privacy begins with data awareness and a holistic review of your enterprise.
Tuesday, Jan. 28, is National Data Privacy Day, an awareness event sponsored by the National Cyber Security Alliance. For end users, there are many useful tips to keep data safe as there are types of data, like NCSA's own or Avast's.
For those in charge of their own IT enterprises, be it consumer facing or merely supporting your own company, however, it means we all have a lot to learn from the residential gas industry.
In its normal state, natural gas (conveniently, like data) is odorless, colorless and has no ability to stop itself from leaking once the safety and security measures in place are compromised. Data and gas simply rest and flow, vulnerable to threat actors and unintentional leakage, just like a gas line is vulnerable to a misguided shovel.
Unlike data, however, natural gas delivered to residences comes with a distinct pungent odor like rotten eggs cooked on gym shoes, a safety feature added by gas companies to allow anyone in the area to quickly surmise a leak has happened and begin the process of repair.
Data, unfortunately, has no such smelly alert, which in no small part explains why 66 percent of all security breaches take months or more to report, according to Verizon’s yearly definitive study on breach reports.
For enterprise IT, however, it should. At least, metaphorically.
Protecting data privacy begins with a technical version of that distinctive malodor, with constant data awareness.
After all, data is the point of IT.
From the days Herman Hollerith first used punch cards to better aggregate census data, and probably back to Adam’s first foray into tracking Eden’s fruit and loin cloth supply, IT has existed foremost to better maintain, manipulate and make accessible data..
Yet, at the root of many breaches isn’t simply an ignorance of wanting to keep data private, it’s failing to appropriately recognize and safeguard data entry and exit points or failing to be aware of data in an effort to be more efficient in an application or simply tend to other system needs. Take, for example, Starbucks, whose iOS app came under fire after it was found that the app stored sensitive customer information in plain text, rather than encrypting the information or using other secure options. Or, consider a large healthcare provider that inadvertently exposed more than 32,000 personal medical records to search engines by placing personal health information on a Web server, with certain access restrictions removed by a business associate, according to the company.
Often, a focus on functionality or on specific applications takes priority over data awareness, leaving data to leak away from the enterprise undetected.
How Data Awareness Gets Lost
There are many reasons why data can get lost in the shuffle and why it makes sense for your organization to work with an independent cyber security company as part of your IT hygiene.
In no small part, however, this happens because IT has grown from its Andy Taylor days.
No longer is any one person realistically capable of being a expert in the IT enterprise, in the way Taylor, Mayberry’s favorite son, served as sheriff, justice of the peace, wedding officiant, editor of the newspaper and mayor in the early days of the "Andy Griffith Show." Now, IT has stratified into application developers, database administrators, network engineers, mobile developers and a long, long list of specialties and sub-specialties. Each has their own concept of cyber security and data awareness, which may not neatly align, leading to data leaks.
IT Enterprise as a Traffic System
Think of your IT system as an integrated road network. The freeways and highways are built by specialized engineers, just like servers and applications. They may come complete with safety features as engineers understand them, like guard rails and smooth pavement, but the engineers that build the roads provide no guidance on their usage.
IT is no different. Application developers understand and secure applications. Database developers understand and secure databases. Network engineers understand and secure networks.
Once the roads are built, however, someone must be aware of the data, like cars and pedestrians, are traveling over the roads and byways and sitting at rest throughout the enterprise.
Cyber security companies like, but certainly not limited to NJVC, provide safeguards for data in the form of enterprise cyber security assessments. These assessments implement user policies, which like speed limits and traffic lights, guide behavior and shape access rights. Assessments identify vulnerabilities after applications are delivered are added on to the network, (or beforehand, through virtualizations) in the way perhaps a gap exists between roads built by separate contractors or a pothole develops due to natural changes in circumstance. Additionally, continuous monitoring solutions provide regular feedback—traffic cops to flag threat actors.
At each step of the way, independent assessment ensures constant awareness of data throughout the enterprise.
And like routine maintenance of roads or traffic engineering, cyber assessments represent a small cost for a major benefit, part of the cyber hygiene every enterprise should pursue.
Jan. 28 is data privacy day, an end-goal every organization should pursue.
But for enterprise IT, to constantly secure data privacy, every day must be data awareness day.
How? Start with a cyber assessment, then give it a little gas.