How Defense in Depth Gets Data Protection Right

Published: 22/11/2024   Category: security




Meeting the challenges of data protection requirements in today's increasingly connected, complex business environment demands alertness at all times. Here's how one energy company, Engie Insight, is meeting those challenges.



When it comes to preventing cyber attacks, no one technology can prevent a determined attacker from breaking into an enterprise network. However, a combination of preventative tools, best practices and employee training has helped one energy company bolster its security defenses over the past several years.
Engie Insight, which is based in Spokane, Wash., helps large businesses and Fortune 500 companies manage their energy use. The company recently rebranded from Ecova to better align with its French parent company.
However, beyond energy use and name changes, Engie has worked to meet the challenges that come with modern security practices, namely data protection and improved alertness. The company recently achieved Service Organization Control (SOC) 2 Type 1 for data security and availability trust principles in its utility business efficiency platform, which shows a significant commitment to data security.
To learn about how enterprises can improve their own data protection and make better use of employee security training, Security Now spoke with Paul Carugati, Engie's director of information security.
In the company's experience, the most comprehensive way to defend against modern cyber attacks is to layer multiple preventative and detective controls to ensure maximum protection and response capabilities at all times, according to Carugati.
This is known as Defense in Depth and is a best practice for enterprise information security programs, Carugati said.
One of the most intriguing aspects of data protection for an organization after having been a victim of a cyber attack is to know how other companies protect and secure their data.
In order to ensure its client and sensitive data remain unsullied, the information security program is aligned with industry standards such as the NIST Critical Infrastructure Protection and ISO 27001-2013 framework, which focus on a combination of people, process, technology and risk management controls to minimize incident and response, containment and recovery.
Society thinks of health prevention as a wise step, something that keeps us away from being victims of illness and virus attacks and, for Carugati, it's no different in the enterprise. "The more prevention the less risk [there is] to let unattended vulnerabilities damage and steal our data," he said.
For Carugati, technology such as next-generation firewalls, intrusion prevention, data leakage detection and anti-virus are all valuable, foundational security controls for prevention, or early detection.
But true prevention lies with the understanding of critical information assets and the knowledge of associated enterprise risks which drive right-sized controls around the data that is most crucial to the organization, Carugati said. A purpose-fit information security program must be well-rounded and driven by the data of concern.
Alongside prevention and an understanding of the critical risks the enterprise might be exposed to comes security education. And humans, if not educated in how to prevent security threats, represent the most serious internal risk a company can have.
Above all else, Carugati added, people are the most critical component to any information security program. People are the new threat landscape and as such, are the primary targets in modern cyber attacks. Users are the attack vector, but also the first line of defense.
Proper security education, coupled with frequent assessment and testing, is an organization's greatest preventative control to thwart an impending cyberattack.
Enterprises should never underestimate the power of their people to report the early warning signs that could lead to a major data breach, Carugati said.

Susan Fourtané is a science and technology journalist and content writer, whose work has appeared in global publications and Youris.com, the European Research and Innovation Media Centre. She is based in Europe. Follow her on Twitter @SusanFourtane.
