With the Super Bowl just a few days away let’s talk a bit about perfection when it comes to data security. In the AFC Championship game the New England Patriots didn’t play perfect football, but they did stop the San Diego Chargers from getting into the end zone and maintain their perfect record. The Patriots continually modified the game plan to overcome challenges, as they cropped up, to get to the Superbowl. Data security isn’t much different; enterprises need to continually make adjustments to the plan if they want to keep their data protection record perfect.

Traditional data security has been primarily focused on keeping the bad things (or the bad guys) out. That not only includes things like viruses and spam but also targeted attacks by hackers. Solutions such as firewalls, VPN’s, IPS, anti-x gateways, access control and encryption have all been important when it comes to securing data against threats, but they haven’t been perfect, especially when it comes to protecting against data breaches. This means that the game plan needs to change -- the defense needs to be adjusted to respond to the new offensive challenges (data threats).

Securing data against the insider threat (insiders gone bad or hackers masquerading as insiders by using pilfered credentials) has been a particularly challenging offensive move to beat. Overcoming it requires a modified game plan that includes a layered Inside-Out defense (core data servers to the edge). This play includes Making sure the core data servers are secured, monitoring and securing data as it leaves the organization, monitoring data on endpoints and encrypting data when appropriate. Making sure the core data servers are secured. As the Patriots know, protecting the critical assets--in their case the end zone-- is critical to winning the game.

Enterprises must realize that all layers play a specific and critical role in an effective defense. Monitoring and filtering the perimeter is important to secure messaging protocols, and web protocols to ensure that specific data doesn’t leave the company. Monitoring and securing the endpoint ensures that certain types of data are not copied onto peripherals and stolen. Encryption ensures that if content is stolen or lost its value is cannot be leveraged. Auditing, monitoring and securing data in the data center (structured and unstructured data) is the last, critical line of defense.

Inside the data center, databases and file servers contain the bulk of confidential, proprietary, customer related and critical data. This is the “red zone”. And, the red zone defense must be tough enough to stop the determination of the opposition. Adding data activity auditing and monitoring at this layer creates a solid red zone defense, which can help stop a breach, unauthorized access to the data and any misuse of data from privileged internal users.

So, the “Outside-In Defense” is one that all enterprises should add to their defensive play book if they want to stop the offense before they get to the data end zone. No score, no breach and the good guys have the ball back in their possession. Pass the nachos.

Lee Weiner is the director of product management at Tizor Systems and a New England Patriots fan