In March 2021, Chinese hackers broke into Microsoft Exchange Server and stole emails from over 250,000 customers worldwide. This raises two questions: How do you stop these attacks happening? How do you find out what data is affected and what damage has been done? Today’s information security is the combination of cyber security, information governance, risk management and information assurance that can address these issues. This blog concentrates on the role of information assurance and its integration into the world of security
The increase in criminal activity during the COVID-19 pandemic has shown the imperative for cyber resilience within every business. Working from the point of view that a data breach is inevitable at some point, the question becomes how you respond, remediate and recover your business. This means moving beyond the technical aspects to consider the things that’s most important: your data.
How do you protect and defend information inside your enterprise and, increasingly, in external data sources that you may have some responsibility for?
The answer is information assurance. A technology that begun life within legal firms and the legal departments of companies is now broadening out as all organizations are dealing an ever increasing volume and variety of data, wit greater controls and regulations on what they are permitted to do with that data. Handling regulatory enquires and enhancing data protection and data management have become key focus areas for information assurance solutions in enterprises worldwide.
The information assurance definition from the National Institute for Science and Technology (NIST) is: “Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.”
You can think of information assurance as the practice of protecting against and managing risk related to the use, storage and transmission of data and information systems. According to TechTarget, information assurance is based on three core principles:
Information assurance is often seen as a subset of information security that covers information governance, cybersecurity and information assurance.
Although IT and cybersecurity and information assurance are complementary disciplines that virtually every company needs, their different natures means they can be managed by different business areas.
As cybersecurity protects against the act of hacking physical computer systems, networks and infrastructure, it usually resides within the IT or information security teams. Information assurance, on the other hand, is often viewed as a facet of risk management and can be handled by the Governance, Risk and Compliance team. In addition, information assurance can be a function of HR where defensible data collection forms part of internal investigations.
We live in the world of big data and it’s getting bigger every day. Every day, two exabytes (or 2 million terabytes) of new data is created by industries worldwide. It’s not just the volume of data but the variety as well. Unstructured and semi-structured data now make up an estimated 80% of data collected by enterprises. This stems from the rise of the Cloud, mobile devices, apps, social media, the Internet of Things (IoT).
That’s a huge amount of data to manage especially as the world is changing constantly. Organizations want to tap into the huge potential of this data to improve business performance and customer experience. At the same time people are becoming more digital savvy and governments more protective of the individual’s privacy and personal information.
At the same time, some things haven’t changed. They have just accelerated. Whether accidental or malicious, employees misuse data and cyber criminals are definitely malicious when they target your business with more sophisticated hacks and attacks.
Information assurance has become vital to protect the information within your organization to ensure its integrity and quality in a way that builds trust and reduces risk. Today, information assurance solutions have moved beyond the ability to protect information systems. Information assurance professionals are now equally concerned with data privacy, regulatory enquiries and standards compliance.
Any information assurance risk assessment will seek a balance between protecting information and providing effective access to information. For example, during a merger or acquisition there will be a period of due diligence where each party gathers data to identify potential risk. Vast amounts of information have to be analyzed in a timely manner, while sensitive data such as intellectual property still has to be protected. Without modern information assurance solutions that can automate much of the data discovery process, this simply would not be possible.
The importance of effective information assurance and security management is impossible to overstate. The digital environment where everyone operates is fraught with danger and even those you’d expected to be best prepared have shown themselves to be vulnerable.
In 2020, information about the SolarWinds cyber attack broke with one commentator describing the hack as ‘IT’s Pearl Harbor’. The state-sponsored data breach threatened US national security with many key agencies including the Department of Defense. It’s believed that the hackers had nine months inside these systems between the breach and it being detected.
The scale of the damage may never be known – or, at least, admitted – but only the ability to apply sophisticated digital forensics as part of an information assurance solution can provide a clear understanding of what happened and what information has been compromised or damaged.
Although the discipline of information assurance has been around for decades, many of the modern information assurance solutions have evolved from digital data discovery – or eDiscovery – systems.
These systems were initially created to identify and defensibly hold data for use in litigation. However, many organizations today are looking to information assurance to assist in areas such as the protection of intellectual property, stopping potential data leakage and ensuring users are working with information properly. The result is a building out of capabilities within information assurance systems to address not only legal teams but also GRC, IT, HR and security.
Increasingly, information assurance is playing a pivotal role in data privacy and regulatory enquiries. Compliance teams use the solutions to enforce internal policies and ensure that personal and sensitive data is both protected and accessible. In addition to the growth of global data protection regulations such as GDPR and CCTA, industry regulations such as HIPAA in healthcare and PSD2 in financial services impose very strict rules on how data is handled and reported.
As well as broaden the range of business activities covered by leading information assurance solutions, the technology has to accommodate data from a much wider range of sources. Today, effective information assurance means control and management of data on a variety of devices, applications, systems and services.
In addition, organizations are moving more of their data and workloads to the Cloud so these systems now need to be able to cope with ‘off network’ data held on the services of public Cloud providers and SaaS providers such as Salesforce or SAP.
A key point is that regulations such as GDPR can extend the definition of data owner beyond the confines of your own network. In addition to data processed by trading partners, companies can be faced with accounting for information within employees’ email – both work and personal – and social media posts. Regulatory enquiries – such as Freedom of Information Act (FOIA) requests – means the timely capture and presentation of this data, or an acceptable explanation of why the request can’t be fulfilled.
When selecting an information assurance solution, it needs to deliver next generation data discovery capabilities. Implementing data discovery based on forensic principles is the only approach that delivers the visibility and control required to uncover relevant information accurately and completely wherever it resides and reveal sensitive data risks, no matter how well hidden.
OpenText™ EnCase™ Information Assurance is the gold standard in forensically sound data identification, capture and collection. With over 43 million EnCase endpoint agents deployed globally, our solutions provide enterprises with 360-degree visibility across all endpoints, devices and networks to search, collect and preserve sensitive information discreetly to establish a chain of custody to ensure data quality and integrity that is defensibly and litigation ready.