News
Vendors

DeNexus Trusted Ecosystem provides data security foundation for cyber risk quantification, management

September 21, 2023
DeNexus rolls out DeRISK 5.4 with DNX-CSF, enhanced inside data-driven attack and risk modeling

DeNexus unveiled details about the DeNexus Trusted Ecosystem, a structured, data-trusted ecosystem that forms the foundation for effective risk quantification. The DeNexus Trusted Ecosystem is built on a foundation of robust standards procedures encompassing data collection, storage, analysis, and sharing, creating a framework of interconnected components. It helps ensure trust within these ecosystems which is both an ethical responsibility and a technical challenge.

The DeNexus Trusted Ecosystem offers a secure method for safeguarding information and maintaining its integrity, enabling seamless sharing among various stakeholders within the cyber risk management and transfer process, Alessandro Nepoti, chief technology officer at DeNexus, wrote in a company blog post. “This includes asset and risk owners, risk managers, cybersecurity experts, underwriters, reinsurers, alternative capital providers, investors in Insurance Linked Securities (ILS), and funds.”

Nepoti detailed that data governance implemented in the DeNexus Trusted Ecosystem defines how to manage data throughout its lifecycle. This includes data lineage, encryption, retention policies, data archival, and data disposal procedures to minimize the risk of data leaks or unauthorized access to data.

“With multi-key encryption, a robust security measure involving multiple encryption keys to protect data, the DeNexus Trusted Ecosystem encrypts data at rest and in transit using different keys,” according to Nepoti. “Even if one key is compromised, the data remains secure because attackers need access to all keys to decrypt it. With multi-key encryption, DeNexus and its customers have control over their encryption keys, ensuring that data sovereignty remains within their jurisdiction and under their control.”

Addressing data lineage, Nepoti said to track and visualize data as it moves through various processes and systems within the organization, a data lineage is implemented to provide a comprehensive record of where data originates, how it is transformed, and where it is ultimately consumed. “This transparency is invaluable for building trust in data, as it allows DeNexus and his stakeholders to understand data’s journey from source to destination clearly.”

He further added that data lineage provides transparency and accountability, while multi-key encryption safeguards data, enabling organizations to build trust with stakeholders and comply with data protection regulations. “By incorporating these practices into DTE, DeNexus can foster a data trust and security culture in an increasingly data-centric world.”

Nepoti identified that controlling who can access what data is crucial. “Role-based access control (RBAC) and attribute-based access control (ABAC) are methods used to grant permissions based on predefined roles or attributes. Implementing fine-grained access control of the DeNexus Trusted Ecosystem ensures that only authorized individuals or systems can access specific data, reducing the risk of data breaches,” he added.

The DeNexus Trusted Ecosystem must maintain data quality and integrity, according to Nepoti. “Data validation checks, checksums, and data profiling tools ensure data accuracy, consistency, and reliability. Monitoring data access and changes is essential for maintaining trust. The DeNexus Trusted Ecosystem implements comprehensive data auditing and monitoring systems that allow for real-time detection of suspicious activities.”

Sharing data across organizational boundaries is often necessary, Nepoti detailed that the DeNexus Trusted Ecosystem implements secure data sharing mechanisms through APIs with OAuth2 authentication. The move ensures that data is shared only with authorized parties and maintains confidentiality during transit.

Nepoti added that technical failures and disasters can disrupt data ecosystems. “Robust disaster recovery and backup strategies, including off-site backups and automated failover mechanisms to ensure data availability and integrity.”

While technical measures alone are not enough, Nepoti said that training and raising awareness among DeNexus’ employees about data security best practices is essential. Robust standards and procedures, along with SOC2 Type 2 certification, play a pivotal role in establishing and maintaining trust.

The DeNexus Trusted Ecosystem is a combination of technical measures and organizational commitment that secures the efficient and safe collection, storage and transfer of highly sensitive cyber data from physical critical infrastructures, Nepoti concluded.

Earlier this month, DeNexus launched a freemium version of its DeRISK platform to assist OT (operational technology) stakeholders justify and secure their 2024 cybersecurity budgets utilizing DeRISK’s Cyber Risk Mitigation Project Simulator. The limited release is currently available to select electricity generation companies.

Industrial Cyber News Desk
Industrial Cyber News Desk

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Building a Culture of Cyber Resilience in Manufacturing (WEF)
WEF playbook addresses cyber resilience in manufacturing and supply chains, provides three guiding principles
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
DOE, EPA support NSM-22 focused on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
White House releases National Security Memorandum on critical infrastructure security and resilience
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
US DHS delivers safety and security guidelines to secure critical infrastructure from AI-related threats
Xage’s Zero Trust Session Collaboration tool delivers remote access, collaboration across industrial frameworks
Xage announces AI-powered analytics and insight capabilities to boost zero trust access and protection
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
US DHS establishes AI Safety and Security Board to advise on safe deployment in critical infrastructure
AI for Energy - Opportunities for a Modern Grid and Clean Energy Economy (DoE)
US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Claroty’s Team82 details exploitation of classic deserialization vulnerability in Siemens EnMPro line
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs