5 Data Security Lessons from Game of Thrones

You don’t need to be a GoT fan to understand the parallels that exist between the Game of Thrones universe and today’s data-driven world. Hear a cybersecurity expert’s perspective on what HBO’s hit series can teach us about thriving in today’s digital era.

Today’s business landscape is nothing more than a modern day Game of Thrones — a battle (to the death) of factions. In today’s enterprise world, data is the magical weapon used to gain a competitive advantage. The companies who can harness the power of fast, secure data are those that will disrupt and become market leaders. 

Similarly in GoT, as alliances shift and blocs of power are created, true power lies with the house who has the strongest army and claims the Iron Throne. But the reality is — while companies and houses view data and military strength as their most strategic asset, very few use it to their advantage.  

And in a world where every day is "winter" for data teams, their pain is increasing and their speed is slowing. Here are 5 lessons from HBO’s hit series, Game of Thrones, about how to ensure your house survives the enterprise Game of Thrones to come. 

1. “The man who passes the sentence should swing the sword.”  — Ned Stark

In the security space, you are responsible for your own digital assets. You can’t assume someone else will secure your data and systems. Security is everyone’s job and if your data is at risk, you need to take action and protect it. Do not expect AWS to protect data if you keep your IAM policies loose.

2. “You know nothing, Jon Snow.”  —Ygritte

Anyone can be a hacker, and hackers are oftentimes a step ahead of the protectors. Any system can be compromised if you leave out any security posture. You may have the fanciest DDOS protection, like Cloudflare, and the best anti-malware tools, like Falcon, but if you trust without verifying, you will suffer (like Jon Snow). Every email coming into the organization must be treated with suspicion and could be a phishing exercise.

3. “Be very careful with what you trust.”  —Varys

Always have in-depth layered security and defense. You should always be careful with access control and the people in which you give access to your systems because the most trusted tools and sources can still be compromised. Insider attacks can cripple you. Do not let discretion come in the way of security. 

4. “Chaos isn’t a pit. Chaos is a ladder.”  —Lord Baelish

Have a proactive incident response policy and use it when things go wrong — because they will go wrong. Data never lies, so don’t base your decisions on hunches. Data and visualizations tools, like Splunk, take threats we cannot perceive directly and make them accessible to our human sensory system through correlation, time mapping, and a graphical display that echoes our own visual systems.

5. “The night is dark and full of terrors.” —Melisandre

It is a dangerous cyberworld out there. If you are a novice, you will be compromised. Threats aren’t visible, so don’t wait to follow what your CISO friend is doing at his or her company. The adversary is not a small town hacker but a sophisticated Advanced Persistent Threat (APT) who has a team conducting reconnaissance on you all the time. They may even be inside the castle walls already, waiting for the right time to strike.

Winter is (Always) Coming  

All too often, businesses are forced to choose between locking down data rather than making that data easily available to teams who are trying to innovate and grow the business. Traditional data security approaches rely heavily on network-oriented perimeter defenses, but do nothing to protect the interior — the data itself. 

Cybersecurity problems do not have a symptom. You could be leaking data from any part of the organization, which is why it’s critical to have alignment among people, process, and technology to enable the rapid, automated, and secure management of data. As a result, businesses that are positioned to leverage fast, secure data will be ready to make fast and intelligent decisions. 

Even with the best tools, brightest people, and unlimited budgets — security is only as good as its weakest link. In a world where every company must become a data company, modern enterprises need to find a way to design security into the innovation workflow

Security cannot be an afterthought — winter is always coming and any wall can be breached. 

Suggested reading


Secure All Software Environments, Not Just Production

For each production instance of an application, there are at least five, in some cases 10 or 20, instances existing in non-production environments. That’s why it’s critical for enterprise IT to pay closer attention to the vast majority of sensitive data existing within non-production environments.

Why Policy-Driven Data Obfuscation Should be the Cornerstone of Your Enterprise Data Security Strategy

IT teams are oftentimes faced with complex challenges regarding enterprise-wide data security, but a clearly articulated, policy-driven data masking technique can ease implementation and reduce cost.

Automation is Your Secret Weapon to Fast, Accurate Discovery of Sensitive Data

As data continues to grow at an accelerated pace and become more heterogeneous, learn why automation is key to discovering sensitive information, quickly and accurately.