Data Compliance

5 Data Security Lessons from Game of Thrones

You don’t need to be a GoT fan to understand the parallels that exist between the Game of Thrones universe and today’s data-driven world. Hear a cybersecurity expert’s perspective on what HBO’s hit series can teach us about thriving in today’s digital era.

Hims Pawar

Jun 17, 2019

Today’s business landscape is nothing more than a modern day Game of Thrones — a battle (to the death) of factions. In today’s enterprise world, data is the magical weapon used to gain a competitive advantage. The companies who can harness the power of fast, secure data are those that will disrupt and become market leaders.

Similarly in GoT, as alliances shift and blocs of power are created, true power lies with the house who has the strongest army and claims the Iron Throne. But the reality is — while companies and houses view data and military strength as their most strategic asset, very few use it to their advantage.

And in a world where every day is "winter" for data teams, their pain is increasing and their speed is slowing. Here are 5 lessons from HBO’s hit series, Game of Thrones, about how to ensure your house survives the enterprise Game of Thrones to come.

1. “The man who passes the sentence should swing the sword.”  — Ned Stark

In the security space, you are responsible for your own digital assets. You can’t assume someone else will secure your data and systems. Security is everyone’s job and if your data is at risk, you need to take action and protect it. Do not expect AWS to protect data if you keep your IAM policies loose.

2. “You know nothing, Jon Snow.”  —Ygritte

Anyone can be a hacker, and hackers are oftentimes a step ahead of the protectors. Any system can be compromised if you leave out any security posture. You may have the fanciest DDOS protection, like Cloudflare, and the best anti-malware tools, like Falcon, but if you trust without verifying, you will suffer (like Jon Snow). Every email coming into the organization must be treated with suspicion and could be a phishing exercise.

3. “Be very careful with what you trust.”  —Varys

Always have in-depth layered security and defense. You should always be careful with access control and the people in which you give access to your systems because the most trusted tools and sources can still be compromised. Insider attacks can cripple you. Do not let discretion come in the way of security.

4. “Chaos isn’t a pit. Chaos is a ladder.”  —Lord Baelish

Have a proactive incident response policy and use it when things go wrong — because they will go wrong. Data never lies, so don’t base your decisions on hunches. Data and visualizations tools, like Splunk, take threats we cannot perceive directly and make them accessible to our human sensory system through correlation, time mapping, and a graphical display that echoes our own visual systems.

5. “The night is dark and full of terrors.” —Melisandre

It is a dangerous cyberworld out there. If you are a novice, you will be compromised. Threats aren’t visible, so don’t wait to follow what your CISO friend is doing at his or her company. The adversary is not a small town hacker but a sophisticated Advanced Persistent Threat (APT) who has a team conducting reconnaissance on you all the time. They may even be inside the castle walls already, waiting for the right time to strike.

Winter is (Always) Coming

All too often, businesses are forced to choose between locking down data rather than making that data easily available to teams who are trying to innovate and grow the business. Traditional data security approaches rely heavily on network-oriented perimeter defenses, but do nothing to protect the interior — the data itself.

Cybersecurity problems do not have a symptom. You could be leaking data from any part of the organization, which is why it’s critical to have alignment among people, process, and technology to enable the rapid, automated, and secure management of data. As a result, businesses that are positioned to leverage fast, secure data will be ready to make fast and intelligent decisions.

Even with the best tools, brightest people, and unlimited budgets — security is only as good as its weakest link. In a world where every company must become a data company, modern enterprises need to find a way to design security into the innovation workflow.

Security cannot be an afterthought — winter is always coming and any wall can be breached.