Data is at the heart of the modern-day enterprise: it is collected from numerous sources, stored, processed, and disposed of based on business requirements. With data as the foundation of critical business workflows, bolstering cybersecurity has become one of the top priorities for C-level executives. Organizations invest significant resources in preventing data breaches and cyber-attacks, which range from stealing sensitive information, financial details, and personal data through unauthorized access to systems, to disrupting or denying services, gaining unauthorized access to process traffic, and damaging data.
The motives and modes of attack could be many. These attacks could seriously impact an individual, disrupt and financially impact a business, and lead to loss of reputation and customer trust, strict regulatory action, and SLA non-compliance. Enterprises need timely and effective implementation of cybersecurity measures, with the right strategies and appropriate action plans, to understand possible threats in real time, plug identified vulnerabilities, and create mitigation plans, enhancing their cybersecurity posture.
The 7-layer cybersecurity model
The model discussed here will help companies leverage a robust, leading-edge cybersecurity architecture, analyze the architecture one layer at a time, identify possible threats layer by layer, and neutralize cybersecurity threats before they cause significant damage.
Let’s delve into each layer of the model to understand the cybersecurity implications.
- People – Here, the objective is to control the incidents of intentional or unintentional unauthorized activities across servers. Addressing unintended incidents requires proper training and awareness about cybersecurity principles. Educating employees, partners, and customers about the possibility of attacks and creating a checklist of do’s and don’ts can help. For intentional cases, creating watertight security policies around breaches, getting the right IT tools for recording activities performed on the servers, and discouraging the use of shared credentials, so that who-did-what can be tracked correctly, can enable superior cybersecurity controls.
- Physical – Companies must physically protect their assets. That can be achieved by restricting access to data centers and using technologies, such as cameras, biometric identification, and more. According to the 2021 Mid-Year Outlook State of Protective Intelligence Report from the Ontic Center for Protective Intelligence, unification between physical and cybersecurity and having a single platform to identify and communicate threats is critical.
- Infrastructure – The goal of this layer is to prevent unauthorized access to the network. Regular audits of rules at the firewall, segmentation/segregation of network and functions, blocking unused ports at routers and other nodes, encrypted connections between different endpoints, and backing up configurations can all lead to a secure and tamper-proof infrastructure.
- Platform – In the world of bring your own device (BYOD), companies need to protect mobiles, desktops, laptops, and servers from breaches. Some guidelines that can be implemented include a firm password policy, proper access controls, robust anti-virus software, OS hardening, presence of only patched and necessary software on machines, segregation of read/write permissions, and more.
- Middleware – This includes the web container, which manages the lifecycle of servlets and ensures the URL requester has the correct access rights. The need is to advocate the use of hardened components, close unused ports, disable security headers, remove test applications, carefully set permissions, and disable trace requests. While using Docker, teams must use valid registries, run containers as non-root, use trusted base images, and not store secrets in images. Further, they must take care of Kubernetes (K8S) or any other container orchestration engine (COE) they might use in their setup.
- Application – Here, we control the access to applications and strengthen the internal security of the application. Cybersecurity personnel can achieve that by providing role-based access with proper authentication/authorization, handling the critical security risks identified in standards such as OWASP, adopting CIS-recommended best practices, logging in encrypted formats, and deploying multi-factor authentication.
- Database – Data security teams must focus on protecting the end-to-end storage, access, and transfer of data. By using hardened databases and encrypted information – in transit or at rest, ensuring controlled privileged access, and driving periodic removal of unused accounts, companies can ensure their data remains protected at-rest, in-motion, and in-use.
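The four Docker rules named in the Middleware layer (valid registries, non-root, trusted base images, no secrets in images) can be checked mechanically before an image is built. The following is an added example, not code from the article: the registry allowlist, the secret-name patterns, the sample Dockerfiles and the choice to treat a digest-pinned image as the stand-in for a "trusted base image" are all assumptions.

```python
import re

# Constructed for this example: allowlist, patterns, placeholder digest, samples.
TRUSTED_REGISTRIES = {"registry.example.internal"}
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)
SECRET_FILE = re.compile(r"(^|/)(id_rsa|id_ed25519|\.env|[^/\s]*\.pem)$", re.I)

def audit_dockerfile(text):
    """Return sorted findings for the four Docker rules of the Middleware layer."""
    findings, user, stages = set(), None, set()
    # Join backslash-continued lines so each instruction is one logical line.
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        instr, args = parts[0].upper(), parts[1].split()
        if instr == "FROM":
            user = None  # a new stage inherits the user of its base image
            args = [a for a in args if not a.startswith("--")]  # drop --platform=...
            image = args[0]
            if image.lower() not in stages and image != "scratch":
                first = image.split("/", 1)[0]
                is_host = "/" in image and ("." in first or ":" in first or first == "localhost")
                if (first if is_host else "docker.io") not in TRUSTED_REGISTRIES:
                    findings.add("untrusted-registry")
                if "@sha256:" not in image:
                    findings.add("base-image-not-pinned")
            if len(args) >= 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif instr == "USER":
            user = args[0].split(":")[0]
        elif instr in ("ENV", "ARG"):
            # "ENV K=v K2=v2" names every key; legacy "ENV K v" names only the first token.
            names = [a.split("=", 1)[0] for a in args if "=" in a] if "=" in args[0] else args[:1]
            if any(SECRET_NAME.search(n) for n in names):
                findings.add("secret-in-image")
        elif instr in ("COPY", "ADD"):
            sources = [a for a in args if not a.startswith("--")][:-1]
            if any(SECRET_FILE.search(s) for s in sources):
                findings.add("secret-in-image")
    if user in (None, "root", "0"):  # no USER means the base image default, usually root
        findings.add("runs-as-root")
    return sorted(findings)

WEAK = 'FROM nginx:latest\nENV DB_PASSWORD=changeme\nCOPY id_rsa /root/.ssh/id_rsa\nCMD ["nginx"]\n'
HARDENED = "FROM registry.example.internal/base/nginx@sha256:" + "0" * 64 + "\nUSER 10001:10001\n"

if __name__ == "__main__":
    print(audit_dockerfile(WEAK), audit_dockerfile(HARDENED))
```

A check like this fits as a CI gate on the Dockerfile; it does not replace scanning the built image, since a secret can also arrive through a copied directory or a base layer.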
What makes a cybersecurity solution infallible?
Operating in the new normal requires that security aspects be built into the system rather than added as an afterthought, an approach also known as ‘security by design.’ That can be achieved with organizational culture alignment, a change in mindset, and the right set of policies and processes, mandating that security is prioritized right through product development, deployment, and the operations lifecycle while meeting the requirements elucidated in the 7-layer model.
In the end…
Any guesses, then, as to who needs to take ownership of building a future-ready, cyber-secure architecture and its compliance? In my view, the responsibility lies with every person across the company’s ecosystem. All executives, employees, partners, and customers are responsible for regularly up-skilling their cybersecurity defenses and strictly adhering to the organization’s security policies/processes. Ensure that you are staying a step ahead of hackers, implementing constant innovation, boosting the cybersecurity landscape with the adoption of intelligent technologies, and building a culture of cyber awareness. I hope you would agree!