We live in interesting times—or, if you are the victim of a data breach, maybe you don’t really feel that way! For the past several years there have been continuous ‘expert’ statements like “this is the year of the data breach” … and yet we continue to have major incidents in the news regularly. In 2015, high profile incidents like VTech, Ashley Madison, the United States Internal Revenue Service, Experian (T-Mobile), and the Hacking Team all illustrate that there is still some work to be done around how corporate and consumer data is protected.
With this in mind, last week the California Auditor General released the latest California Data Breach report. The report analyzes the 657 data breaches reported to the Attorney General’s office from 2012 to 2015, and interestingly, highlights that the majority of the reported breaches were the result of security failures. Based on this, the report makes specific recommendations to organizations, including leveraging the SANS Top 20 Critical Security Controls to apply what the Attorney General believes constitutes “reasonable security measures” to protect personal information under California law.
The Critical Security Controls (CSC) are a framework for implementing effective security in enterprise and government organizations. In fact, the controls have been mapped against major frameworks (ex: NIST 800-53, ISO 27002, and NSA Top 10) as well as major industry regulations (ex: PCI DSS 3.1, HIPAA, and NERC). With modern deployments that may include both virtualized data centers and cloud workloads (often called hybrid cloud), organizations are faced with significant challenges to consistently apply the CSC, especially using legacy security approaches.
With this in mind, we have put together a quick summary of how Trend Micro Deep Security can help across 14 of the 20 requirements. Unlike single purpose security offerings, having a single product that can address multiple requirements can significantly reduce the cost and complexity of applying the CSC framework, and, importantly, make an organization more secure through an ability to centrally control and report across all deployment types (physical, virtual, cloud). Delivered with tight integration to leading environments including VMware, AWS, and Microsoft Azure, Deep Security is at the heart of our Hybrid Cloud Security Solution, and is helping thousands of organizations secure millions of servers around the world today. You can find out more about how Deep Security can help, in the words of the California Auditor General, apply “reasonable security measures” to your organization here: www.trendmicro.com/hybridcloud.