Skip to content

Back to Basics: Five Ways to Improve Your Corporate Data Protection Practices

Back to Basics: Five Ways to Improve Your Corporate Data Protection Practices


Complexity in modern IT environments can create critical visibility gaps that could leave organizations dangerously vulnerable and noncompliant. 

According to a new report from law firm DLA Piper’s data protection team, GDPR fines increased by 40 percent last year and experts predict they’ll only get bigger.  As regulators start ratcheting up the size of fines, it’s time to recalibrate. What better opportunity than Data Privacy Day to ask yourself: Is my organization doing enough to mitigate the risk of sensitive data loss?   

Fortunately, enhancements can be made without reinventing the wheel, and gaining visibility and control of your endpoints and the important data residing on them is where you need to start.

[Read also: What is data loss prevention?]

Data is everywhere

As organizations digitally transform, data tends to move across the environment, meaning it’s likely that at least some business data may end up somewhere you didn’t anticipate. For example, cloud migration projects can open up a new data location. Additionally, legacy assets may be overlooked and abandoned, which can result in security vulnerabilities. Remote work is also adding to the likelihood of potentially unmanaged endpoints connecting corporate networks.

As the number of tools used to manage and secure all assets snowballs, so too does complexity. Tanium data reveals that the average enterprise uses 43 IT operations and security tools — each of which requires IT staff training. The more time they spend jumping from one to the other, the less time they have to gain visibility and control of their endpoint estate, and the more chances that they’ll miss spotting a key risk or security event. 

At the same time, compliance fines are quickly increasing. Better to be proactive in reassessing your data protection posture now than getting caught out down the line. Improving the status quo doesn’t mean buying the latest whizbang solution to keep out the most sophisticated nation-state actors. Even they will do the bare minimum to get to your data. Instead, focus on getting the basics right with effective cyber hygiene, starting with vulnerability and configuration management.

Best practices to help protect your corporate data

Here are five approaches to improve your privacy efforts.

(1) Switch on hard-disk encryption 

A great deal of noise is made about data loss prevention (DLP) as a primary bulwark against data risk. It’s important, but it’s not a silver bullet. It won’t work if you don’t know what data you hold that needs protecting and where it is. That’s why many DLP projects fail. 

We need to be less absolutist about our approach here. What does this mean? That wherever it ends up, you need to be assured it is protected. And the best way of doing this is with a policy of hard-disk encryption for all laptops and desktops. Most operating systems have drive encryption features built in, so enable them.

(2) Take a zero-trust approach

Everyone knows that IT environments are becoming increasingly complex, and traditional security models that attempt to secure perimeters are no longer a sufficient approach to address the needs a dynamic, cloud-centric world of remote work, mobile devices, and the growing number of malicious actors.

Instead, assess the identity of each user login and every endpoint security posture to determine what level of address to provide.

(3) Proactively search endpoints and data

As sensitive intellectual property (IP) and regulated data often end up where you least expect, there is an urgent need to be able to search your endpoints for that data proactively. 

It should be possible to ask questions of these assets in plain English and have answers returned in near real time. 

Once you know where it is, you can take action to transfer that data to a more secure environment or to ensure its current location complies with policy. Anything less will fail to provide the kind of visibility you need, given today’s complex IT environments. 

(4) Streamline global compliance

The most efficient way to deal with different data protection laws is to adopt and apply controls to address what your business considers the most strict regulations.

But if you need to ring-fence a set of controls geographically because of a particularly restrictive regulation, you need an effective way to identify all applicable endpoints. 

But this creates more complexity, unless you can dynamically manage endpoints based on key attributes (language and time zone settings, network segment, Active Directory OU, etc.) in a more operationally efficient way of doing things than maintaining manual lists.

(5) Bake privacy into new projects from the start

Privacy-by-design is increasingly the mantra of regulators across the globe. Whether you’re in the process of your first migration to the cloud or working on a design for a new product, service, or system, this is your opportunity to think about data protection.

What data do you need to perform a given business function? How long do you need to retain it? 

Baking privacy in from the start is a cheaper and more effective way to do things than trying to retrofit data protection when you will eventually be forced to comply with data regulatory requirements. 

And a final tip. The focus throughout your efforts should be on data minimization: if you don’t need it, delete it. 

To learn how an endpoint management and security strategy can help organizations close their critical gaps, download our Visibility Gap Study

Chris Hallenbeck

Chris Hallenbeck is CISO for the Americas at Tanium. He provides security leadership and operational insight gained from more than 20 years in the public and private sector. He came to Tanium after nearly seven years of service at the U.S. Department of Homeland Security's US-CERT.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.