August 17, 2015 By Leslie Wiggins 4 min read

These days, data security breaches are more — and more expensive — than ever. The average total cost of a data breach is now $3.8 million, according to the “2015 Cost of Data Breach Study.” In the last year alone, we have seen many company records stolen, resulting in loss of sensitive data, compromised brand reputation and huge costs incurred. The vast majority of value in most businesses rests in intellectual property such as customer data, product designs, sales information, proprietary algorithms, communications, etc.

Damaging Hacks Negatively Impact Business

The most damaging security incidents are those that involve the loss or illicit modification or destruction of sensitive data. Think of high-profile cases such as:

  • Community Health Systems: In August 2014, information on 4.5 million patients was stolen in a cyberattack.
  • UPS: A reported data breach may have occurred in 51 UPS stores, leading to the theft of customer payment information.
  • Sony: Details continue to come out about the Sony breach. In early December 2014, cybercriminals leaked five unreleased movies along with some employees’ Social Security numbers.
  • The U.S. Office of Personnel Management (OPS): Leaks affected 18 million government employees, including those with high security clearances.
  • Ashley Madison: Data from almost 40 million user accounts on the website was lost, including names, credit card information and other personal details.

Many security systems do a good job focusing on perimeter security, but they often forget to secure this sensitive data that sits at the heart of most businesses. And so it raises the question: Are you doing enough to protect the sensitive data that runs your business?

For effective data protection, organizations need to be able to support three core capabilities: analyze threats to sensitive data and automatically uncover risks; control and protect sensitive data; and adapt to change to keep up with emerging and ever-changing data security requirements.

Read the solution brief to learn more about Securing the data that powers your business

The Data Security Triple Crown

Let’s take a closer look at what it takes to win the Triple Crown of sensitive data protection — and to ensure you have comprehensive data security.

1. Analyze

You might be wondering what analytics has to do with data protection. Analytics is an essential part of being able to uncover threats and identify real risks. When it comes to cost efficiency and the changeable nature of data, security teams cannot manually determine where all sensitive data resides or keep up with it as it is shared and moved around. For successful data protection, you need a solution that can automatically discover and classify sensitive information in a way that makes sense to the individual business, and it needs to be easy to work with.

Entitlement management capabilities are also essential to automate the enforcement of security policies — for example, masking data at the right time or blocking access to sensitive data. Lastly, sophisticated analytics capabilities such as outlier detection and forensic analytics need to be part of your solution so that you are able to understand what’s happening to your sensitive data as it’s happening and put a stop to risky behavior.

2. Protect

Once you have analyzed and identified sensitive data and established the right entitlement levels, you can start protecting data. Protecting data has a few elements to it, including:

  • Shielding the business from financial risk with automated data compliance and extensive audit capabilities;
  • Controlling sensitive data through functions such as encryption, masking, redaction, dynamic blocking, alerting and quarantining nonstandard activities;
  • Leveraging real-time activity monitoring and blocking capabilities to prevent illicit internal and external access to sensitive data and material.

A comprehensive data protection solution should be able to capture and examine all sensitive data traffic, including local access by privileged users. Maintaining separation of duties is also an important part of the sensitive data protection equation. Then, when it comes to actually protecting sensitive data, solutions need to offer a full range of data protection capabilities such as encryption, static data masking and redaction capabilities and dynamic data masking, as well as the blocking, alerting and quarantining of suspicious users and abnormal access requests. These activities should occur wherever sensitive data resides, including databases and marts, cloud environments, big data platforms and others.

3. Adapt

As IT landscapes change and shift to accommodate new users, new data types and new technologies, data protection solutions must be able to adjust to the evolving environment. Leaving gaps creates additional vulnerabilities, which leaves you open to risks.

Robust data protection solutions should be able to adapt in a few important ways:

  • Support traditional as well as disruptive data technologies such as Hadoop, NoSQL and cloud.
  • Easily expand to grow from focused approaches, such as supporting compliance requirements to support end-to-end data protection.
  • Leverage a single data protection infrastructure — one that can automatically adjust to your data security requirements — across the entire data environment to help reduce costs and improve results.
  • Support a heterogeneous environment across databases, big data platforms, applications, cloud vendors, SIEM solutions and more.

The Race to Protection

If your data security solution has the ability to analyze, protect and adapt, you are able to provide comprehensive data protection for your organization and are well on your way to winning the data security Triple Crown. If you are only able to support one or two of these requirements, however, you most likely have some gaps in your protection plan that need remediation. Gaps create vulnerabilities in data protection that lead to increased risks and could ultimately result in the loss of sensitive data.

By winning the data security Triple Crown, you are able to reduce risks and enable the business to keep the sensitive data that it needs to succeed.

Learn how IBM Security Guardium helps analyze, protect and adapt for data Security

More from Data Protection

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today