Adopting a data-centric approach to security controls has wide-ranging benefits

What are Zero Trust Data Entitlements?

High-profile data breaches, data misuse and cyber incidents have proven that perimeter-based and role-based security defences are insufficient against cyber criminals and do not scale well. Adopting an identity-, context- and data-centric approach to security controls ensures organisations not only better protect their data by preventing inappropriate access to data assets, but are also more efficient, promote data observability and GDPR compliance, and better mitigate risks.

Attribute based: Define access rights based on a range of attributes including purpose and permitted use.

Least privilege: Limit the scope of data to purpose, containing the blast radius of any breach or misuse.

Risk-Tiered Controls: Leverage security classifications to ensure a proportionate range of defence-in-depth controls is applied, managing high-risk data effectively while reducing total cost of ownership.

Continuous Monitoring: Ensure that the most secure data assets are being used in line with the stated purpose.

Data Observability: Gain valuable insights into data use, data value, maximum retention and data flows throughout your organisation.

Why Ortecha?

As practitioners, our team members have designed and developed scalable, secure solutions for high-risk data across multi-national companies and industries. We designed, lead and continue to teach the EDM Council Cloud Data Management Capabilities (CDMC) across three continents, applying scalable, metadata-driven controls to keep large-scale data deployments secure. We bring a deep understanding of the data lifecycle to enable an effective, proportionate, scalable approach to security and data risk management.

Expert Practitioners: We understand and teach data, and how to derive value from it.

CDMC leaders: We know how to measure the impact of data and risks.

Designed to fit: We tailor our best practice frameworks to our customers' needs, focussing on realistic, sustainable outcomes and balancing security with utility.

Practical experience: We help you capture the correct level of detail in your metadata to drive automation and insight.

Invested in your success: We design and deliver alongside you, cultivating empowered, knowledgeable, self-sustaining teams.

Experience: Our consultants have been involved in driving data centric security for over 10 years.

How we can help you

Context-Aware Controls

Get the right balance of attributes (from the purpose of access, role, duration and permitted use) to drive frictionless, high-security data access.

We can help you take a proportionate, risk-based view across the entire data lifecycle so that you can optimise security.

Focus on Important Data

Identify, classify and prioritise critical data to ensure that it is protected and access limited.

We can use best practices to help identify critical data, the rationale and the impact. We use this to inform controls so that they are reasonable but effective.

Scalable Solutions

We leverage a deep understanding of how to implement data products effectively (using semantic modelling and metadata standards such as DPROD) to ensure that access can be limited to the data needed for the purpose, limiting the risks of access to acceptable parameters.

Meaningful Analytics

Leverage data insights from ZTDE to assess and communicate the impact and importance of data.

We are experienced in defining measurable, actionable metrics to create useful and meaningful analytics that drive performance.

Integrate Data & Security Literacy

Driving understanding and awareness of the security risks associated with data is challenging.

We appreciate the need to take an iterative approach that considers the needs of different stakeholders.

CASE STUDY

Effective Security Controls for Telecoms

The Challenge

A global telecommunications company was persistently targeted by cyber attacks. As with many organisations, access was overly focussed on standard AD groups aligned to roles, which had been found to be unsustainable and lacking insight into how and why access was required. Investigation into cloud-native fine-grained access controls had shown that this would cause an unacceptably large administrative burden.

The existing processes for determining criticality and governing data access were ineffective and failed to engage business stakeholders, which meant low adoption and buy-in.

Policies and procedures were needed to enhance security considerations across the entire data lifecycle.

There was a need to increase employee awareness and understanding of the rationale and benefits of a data-centric approach to security.

By strengthening the control landscape and taking a metadata-driven approach, combined with least-privilege access focussed on contained data sets, the organisation began to move towards a more targeted, sustainable and observable data-centric approach to security.

What we did

Assessed the current control landscape and identified potential improvements.

Created and implemented a process for establishing data criticality and security measures.

Classified based on probability, risk and impact.

Developed a proof of concept to show impact and value of proposed controls.

Drove proportionate adoption of new controls.

Incorporated security and data considerations into organisational governance.

Designed and implemented metrics to measure progress and performance.

Raised awareness and understanding of data, associated risks and the need for effective security.

The Benefits

Created a more robust control environment with clearer observability and measurement of risks and how to manage them.

Greater scalability using metadata-driven rules to reduce the volume of duplicate access rules by 99% while increasing their effectiveness.

A focus on controlling critical data sets to support business objectives and drive business value.

Ability to automate compliance based on standard classifications and leverage metadata to support regulatory compliance, including GDPR Article 30 Purpose of Processing.

Fostered a culture of continuous learning and awareness.