Introduction

In today’s digital era, data is often referred to as the “crown jewels” of any organization. Sensitive data can include Personally Identifiable Information (PII), such as customer and employee data, intellectual property, and source code. These critical assets need to be safeguarded against internal and external threats, including unauthorized access, data breaches, and other malicious activities. At DISQO, we know that trust is essential for building successful relationships with our members and customers. That’s why we take the security of their data very seriously. We use a variety of security measures to protect their data, including tagging sensitive resources.

We believe that by building the most trusted customer experience platform, we can create a safe and secure environment where our members and customers can thrive.

Tagging sensitive resources can help organizations protect their valuable data and improve their overall security posture. This blog post discusses the importance of tagging sensitive resources and how it can aid in incident response, vulnerability management, and privacy.

Tagging Sensitive Resources

Tagging sensitive resources involves labeling data or assets with metadata that provides additional context to the asset’s sensitivity level. This metadata can include the data classification, data owner, and other relevant information. By doing so, it becomes easier to identify and track sensitive data and assets across different systems, networks, and cloud environments. At DISQO, we use automated tagging to identify network and storage resources that may be publicly exposed or contain sensitive data elements.

The main purpose of this function is to analyze various resources within our cloud infrastructure, such as EC2 instances, load balancers, security groups, subnets, and route tables. These components help manage and control the flow of data within our cloud environment.

Our automated tagging system analyzes these components and determines if any of our resources introduce potential risks from the public internet. It checks each component to see if they are directly accessible from the internet or if they have certain ports open that might pose a security threat. When the system identifies any resources that are publicly exposed or have risky ports open, it automatically adds specific labels or tags to them according to the risk level. These labels act as markers to indicate that these resources require special attention in terms of security. By tagging them, we can easily identify and prioritize these resources for further security measures.

The automated tagging process is crucial in maintaining a strong security posture for our cloud infrastructure. It allows us to quickly identify and address potential misconfigurations before they can even be considered as risks. By catching these misconfigurations early on, we can prevent any potential security breaches or data leaks.

Incident Response

In the event of a security incident or breach, tagging sensitive resources can help organizations respond and recover quickly and effectively. Bad actors can attack multiple resources to divert attention from their actual goal. By tagging resources, incident responders can quickly triage and focus their attention on the most sensitive targets (crown jewels). Incident responders can then take appropriate measures to contain the breach, mitigate the damage, and restore normal operations. This approach also helps to minimize the risk of data loss, unauthorized access, and other malicious activities.

Vulnerability Management

Tagging sensitive resources can also aid in vulnerability management by providing visibility into the critical assets that require immediate attention. Vulnerability scanners can be configured to prioritize scanning sensitive resources based on their tags, reducing the time to remediate vulnerabilities and the overall risk of exploitation. This also aids operations teams who are often tasked with remediating many vulnerabilities. Tagging allows for the prioritization of remediating sensitive resources. For example, vulnerabilities on resources that house sensitive data must be remediated within X amount of days, whereas less critical resources may have a longer SLA (service-level agreement) for remediation. This is especially helpful for resource-constrained organizations.

Privacy

Tagging sensitive resources is also essential for maintaining data privacy and compliance, especially with the General Data Protection Regulation (GDPR). Organizations can use these tags to implement data access controls, data retention policies, and data encryption protocols. This approach ensures that only authorized personnel can access sensitive data and that it is stored securely, reducing the risk of data leakage or theft.

Conclusion

Overall, the automation framework we use at DISQO helps us to ensure that we are constantly vigilant about our cloud security and eliminates the chance of any potential vulnerabilities going unnoticed.

Protecting the crown jewels of an organization requires a holistic approach that involves various security measures. Tagging sensitive resources is a critical first step in safeguarding valuable data and assets, as it provides visibility, reduces incident response, streamlines vulnerability management, and ensures data privacy and compliance. Organizations must prioritize tagging sensitive resources as part of their overall security strategy to maintain the integrity and confidentiality of their critical data.


Jason Mathison is a Lead Cloud Security Engineer at DISQO, where he works on the Global Information Security and Privacy team. Jason has over 20 years of experience in information security, where he has held a variety of roles. He is passionate about the fundamentals of security and helping organizations improve their security posture. In his free time, Jason enjoys spending time with his family, doing home improvement projects, traveling, and skateboarding.

See more articles by Jason Mathison.