I came across this article that talks about how two-factor authentication is not enough and we now need three factors. Does being totally reliant on the authentication mechanism of an application solve the security problem, or does it make sense to limit people from ever getting to those applications as an additional form of security?
The article talks about a 273% increase in compromised records this year vs. last, with the amount of dwell time being over 180 days. The containment time was also a lengthy 59 days, with over 10 - 99 million records being lost.
Network segmentation and encryption can assist with prevention by first controlling access to the "credential vaults" while at the same time limiting access to these high-value applications. Does everyone need access to every part of an app, or perhaps just the web layer? Encryption should always be part of any application, but some older applications are challenged to invoke it. Perhaps the operating system running the encryption-less processes can assist. Oh, if only any of what I said was easy!!!!!
For those of you who haven't looked at host-based segmentation, you really should. It provides all forms of logical segmentation (environmental/app ringfencing/micro-segmentation) within any public, private, container-enabled, virtual, or physical environment. Using the firewall and the encryption capabilities of the operating system means no change to the environment and no expensive hardware to purchase. Take a look at what the Illumio Adaptive Security Platform can do for you.
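The ring-fencing idea above, sketched as an added example (not from the original post and not Illumio's code): a label-based allow-list is compiled into default-deny `iptables` rules for each host's own firewall, so only the web tier is reachable by everyone. The inventory, app names, IPs and ports are constructed, and management access such as SSH is left out of the rule set.

```python
# Constructed inventory (hypothetical): workload IP -> (app, tier)
WORKLOADS = {
    "10.0.1.10": ("payroll", "web"),
    "10.0.2.10": ("payroll", "app"),
    "10.0.3.10": ("payroll", "db"),
    "10.0.1.20": ("wiki", "web"),
}

# Allow-list: (app, source tier, destination tier, TCP port); "any" = any source
POLICY = [
    ("payroll", "any", "web", 443),
    ("payroll", "web", "app", 8443),
    ("payroll", "app", "db", 5432),
    ("wiki", "any", "web", 443),
]

def sources(app, tier):
    """Resolve a source label to concrete addresses."""
    if tier == "any":
        return ["0.0.0.0/0"]
    return sorted(ip for ip, label in WORKLOADS.items() if label == (app, tier))

def rules_for(host_ip):
    """iptables commands for one host: allow-listed peers only, then default deny."""
    app, tier = WORKLOADS[host_ip]
    rules = [
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for p_app, src_tier, dst_tier, port in POLICY:
        if (p_app, dst_tier) != (app, tier):
            continue  # rule targets a different workload label
        for src in sources(p_app, src_tier):
            rules.append(f"iptables -A INPUT -p tcp -s {src} --dport {port} -j ACCEPT")
    rules.append("iptables -P INPUT DROP")  # set last so existing sessions survive
    return rules

def allowed(src_ip, dst_ip, port):
    """Would the compiled policy admit this new inbound TCP connection?"""
    if dst_ip not in WORKLOADS:
        return False
    app, tier = WORKLOADS[dst_ip]
    for p_app, src_tier, dst_tier, p_port in POLICY:
        if (p_app, dst_tier, p_port) == (app, tier, port):
            if src_tier == "any" or src_ip in sources(p_app, src_tier):
                return True
    return False

if __name__ == "__main__":
    print("\n".join(rules_for("10.0.3.10")))
```
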
Modern three-factor strategies, however, significantly change the paradigm. They begin with a token that 3.3 billion of us carry with us every day—our smartphones. By taking full advantage of the latest smartphone technologies, verification reaches the security gold standard of “something you have, something you know, something you are.”