Data breaches are becoming increasingly costly. In 2021, the cost of a data breach reached $4.24m, up from $3.86m, according to data by IBM.
A major contributing factor to increased costs has been remote working. The report claims the average cost was $1m higher in breaches where remote work was a factor in the cause.
Remote working is unlikely to disappear, which means firms will need to find better ways to prevent breaches being caused through remote workers. One solution pegged to do this is application controls.
Diligent, a GRC solution developer, has released a report exploring what application controls are and their best practices.
To see why application controls are important, going back to the IBM report it found that organisations leveraging security AI application controls were spared $3.81m in costs compared to those that did not.
Application controls are quite simply a set of steps organisations can implement within their applications that keep data private and secure. Whenever data is shared from one user or application to another, there is a risk of compromising data. Application controls complete a series of checks to authenticate applications and data before it can be shared. Information will only be given to authorised users.
These types of controls should not be confused with general controls, which are also an important part of security, it said. General controls cover digital, software, hardware and manual controls and support a range of safeguards within a system that apply to compute operations, administration, data security, software, hardware and more. Application controls are a much more specific area of information systems.
There are three main types of application controls, input controls, output controls and processing controls.
The first type governs the data inputs in an application. These controls prevent a user from entering unvalidated information into a system. They could also require data to be entered in a certain format or need certain authorisation.
Output controls protect data when transmitting it between applications. By leveraging these, organisations can verify that data gets sent to the right user by tracking what the data is, whether it is complete and what its final destination is.
Finally, processing controls allow organisations to verify that incoming data is correctly processed before it is added to the information system. This involves establishing rules for processing data and ensuring these are followed every time.
Read the full post here.
Copyright © 2018 RegTech Analyst
