Faced with rapid digital transformation, security and risk management professionals are tasked with implementing new paradigms to both mitigate risk and reap the rewards of our increasingly connected world. Digital trust is complex, exponential, and indispensable to this new economy, and the ‘chain of trust’ between multiple entities and continuously changing contexts demands new thinking. All this makes it even more challenging to determine where to start.
Gartner industry analyst Neil MacDonald acknowledges that “digital risk and trust are fluid, not binary and fixed, and need to be discovered and continuously assessed, alerting security and business leaders to areas of unexpected or excessive risk,” and he outlines seven imperatives for implementing Continuous and Adaptable Risk and Trust Assessments (CARTA) into information security management programs. [1] In the absence of absolute truth and perfect knowledge of all factors, this programmatic attention to the individual contexts of every digital transaction is exactly what powers Ionic Machina.
Below, you’ll find an outline of Gartner’s CARTA imperatives alongside some tactical suggestions from Ionic and our customers on how to continuously assess your digital transactions for risk and trust, at every level of your stack.
CARTA Imperative #1
“Replace one-time security gates with context-aware, adaptive, and programmable platforms” [1]
Ionic Machina data protection and access controls travel with the data as it moves through data silos, controlling access through a real-time policy engine that can adapt to the context of each request.
Connect Machina to multiple data sources to continuously assess decisions to authorize access to data. Our customers program policy decisions to consider factors around the context of a request—like network ID, device used, or even the risk score of the device itself—adapting policy decisions to the changing levels of risk and trust within their ecosystems.
CARTA Imperative #2
“Continuously discover, monitor, assess, and prioritize risk and trust – reactively and proactively” [1]
Machina does not infer trust from system ownership; trust is continuously evaluated across a rich set of attributes that go beyond those considered in traditional perimeter-based or even identity and access management-based approaches.
Provide context-based entitlements using both role- and attribute-based access controls (RBAC and ABAC), which include user identity attributes, attributes around the data, and attributes around the context of the request itself. Our customers monitor policy decisions to react to issues that arise, but they also modify policy to proactively build privacy by design into their entitlements evaluation process.
CARTA Imperative #3
“Perform risk and trust assessments early in digital business initiatives, including development” [1]
Machina provides portable data protection as a service that can be used simply, with just a few lines of code; this provides clear guardrails with a minimum of effort.
Instrument applications with the Machina Tools — SDK to build consistent data control, protection, policy orchestration, visibility, and even encryption into development cycles. Our customers are “shifting left” to bring the unified and consistent evaluation of risk and trust into their application development cycles, especially as new digital business capabilities are being created.
CARTA Imperative #4
“Instrument for comprehensive, full-stack visibility, including sensitive data handling” [1]
Machina provides superior and granular visibility into all policy decisions and data authorization processes made around your organization’s most sensitive data, in real time.
Monitor your organization’s digital trust transformation through real-time maps of how data is being created and shared. Our customers manage complex full stacks of security solutions, all designed to protect the data that runs their businesses, and Ionic’s telemetry about how data is being consumed adds visibility simply not found in other layers.
CARTA Imperative #5
“Use analytics, AI, automation, and orchestration to detect faster and prioritize risk response” [1]
Because Machina’s controls and protection can be invoked on the fly as risks arise, unlike traditional data loss prevention solutions, the risk of an incident becoming a breach is much lower.
Orchestrate a new data security strategy that provides policy and data visibility to reduce overhead, mitigate excessive risks, and respond more quickly to threats. Our customers correlate Ionic log data with other sources to dramatically decrease a security operations center’s time to respond to an incident, and Ionic’s encryption can even prevent incidents from becoming breaches in the first place.
CARTA Imperative #6
“Architect security as an integrated, adaptive, programmable system, not as silos” [1]
Ionic’s Machina Developer Portal offers tutorials to help developers build security natively into their applications and processes, whatever the language, so that security is architected through a single plane of control across data silos.
Leverage Machina’s extensible APIs to integrate security controls across silos—such as cloud storage, cloud applications, files, email, custom applications, and data repositories—and to bring transaction log files directly into preferred central analytics tools. Our customers consume Machina log files through security information and event management tools like Splunk and HPE ArcSight.
CARTA Imperative #7
“Put continuous risk visibility, decisions, and ownership into business units and product owners” [1]
Rely upon historical records of how sensitive data is actually shared across increasingly complicated digital ecosystems to empower business owners to make data-driven decisions around risk. Our customers face the challenges of bringing together diverse teams to manage security, risk, and governance issues; the visibility Ionic provides helps business owners respond to risks and audits with completeness and simplicity.
Machina’s continuous monitoring of data transactions provides valuable intelligence to integrate risk management and information governance across the organization.
[1] Gartner, Seven Imperatives to Adopt a CARTA Strategic Approach, Neil MacDonald, 10 April 2018