Blogs & Resources

Data Security Bytes 05: Why context of data and identity are important to reduce data breaches?

Supreeth Rao

Data Stores can be qualified by their security attributes which include configuration-based features such as: 

  • Is the data encrypted?
  • Are keys managed in a key management system (KMS) with the proper ownership?
  • Are the data stores accessible outside the VPC perimeter or the enterprises’ perimeter?

Similarly, attributes that are characterized as behavior-based like

  • Are the stores accessed by an atypical user or an over-provisioned account?

Identity also has many layers, from users to roles to how the identity has been commissioned. Additionally, looking at behavioral aspects of identity can reveal any abnormalities from an access perspective. Insights and understanding of the data from the classification context are essential for revealing the business impact of data and the financial implications of data risk.

Conclusion: To understand data security risks accurately, one needs identity and data context. This information is essential to correctly evaluate the complexity and impact of risk proactively before a data breach occurs. 

Vasil (Member Technical Staff, Theom) describes the importance of considering the context of data and identity to understand data security risks better.