Data drives enterprise success. The collection, identification and analysis of big data is critical to inform new strategies and help companies get ahead. As a result, organizations are adopting new collar hiring techniques to find the best and brightest data talent, while emerging tools are helping companies make the most of their massive data stores. As noted by InfoWorld, data lakes are now becoming data warehouses thanks to artificial intelligence (AI)-driven automation.
But in the rush to adopt new technologies and hire new talent, it’s easy for data protection to fall from C-suite priority to enterprise also-ran. So let’s break it down: What is data protection? Why does it matter so much? And how can companies implement protection processes that deliver better defense without derailing business value?
What Is Data Protection?
Data protection is the process of securing digital information without limiting the organization’s ability to use this data for business purposes or compromising consumer and end-user privacy.
Protecting data therefore falls into the simple-but-not-easy category of infosec initiatives: IT professionals have no trouble visualizing a secure data landscape, but the increasing complexity and scope of cloud computing deployments, internet of things (IoT) adoption and AI-enabled technologies make designing a defense road map more difficult than it appears.
In fact, according to “The Fourth Annual Study on The Cyber Resilient Organization,” many companies lack consistent, effective security plans around data protection. Only 23 percent have cybersecurity incident response plans applied consistently across the entire enterprise, and 57 percent reported facing cybersecurity incidents that significantly disrupted IT and business operations in the past two years.
The Business Value of Data Security
Data is valuable, both to organizations and malicious actors. The massive amount of personal, financial and intellectual data enterprises collect makes a tempting (and lucrative) target for attackers. Data breaches cost companies more than $3.8 million on average, and over the next 24 months, more than one-quarter of businesses will experience a recurring material breach.
As a result, data breaches represent the most immediate need for effective enterprise data defense. Better protection means better compliance and reduced monetary losses, reputational damage and impact to line-of-business operations. Improved security processes are also critical for emerging business priorities, including:
- Digital transformation — More than 60 percent of enterprises now have active digital initiatives, with 52 percent planning to “fully transform” their organization. But delivering on digital promises demands a secure framework capable of handling both current protection needs and safeguarding new solutions.
- Compliance and regulations — Evolving compliance requirements and governmental regulations demand improved data protection to demonstrate due diligence. Ignorance of data value or user privacy needs is no excuse for slipshod security.
What Are Some Barriers to Data Protection?
With data defense now in the vanguard of effective enterprise information security, what’s holding companies back? The following four common complexities conspire to limit the effectiveness of data protection:
- Expanding attack surfaces — From the cloud to IoT devices, mobile networks to remote workers leveraging corporate networks 24/7, the sheer size and scope of attack surfaces is daunting for even the most experienced enterprise IT teams.
- Common vulnerabilities — Common security slip-ups related to access management, IoT security and network monitoring continue to frustrate organizations as the scope of data expands and the necessary talent and technology to defend digital assets lags behind.
- Evolving privacy and reporting requirements — As noted by security expert Frank Abagnale, consumers now “fundamentally assume that the companies are always striving to stay ahead of the bad guys.” But this is no easy task, especially as new breach reporting regulations demand speedy user notification and auditable proof that companies are effectively securing personally identifiable information (PII).
- Increasing IoT and mobile adoption — While 30 percent of IT experts are hesitant to adopt bring-your-own-device (BYOD) due to security concerns such as data leakage, shadow IT and unauthorized data access, there’s now a growing acceptance of personal device use in the workplace. Companies can’t avoid BYOD adoption but need better strategies to defend the data created, transmitted and stored across these evolving mobile networks.
Better Data Protection Starts With Encryption
The first step toward better data protection is encryption. Encrypted data both frustrates attacker efforts and satisfies most regulatory expectations around due diligence. But how much encryption is “enough”? According to Stephanie Balaouras, research director for the security and risk team at Forrester Research, “You can never have too much encryption.”
It’s also critical to adopt a more aggressive approach to data defense and database activity monitoring and alerting. Leslie Wiggins, senior product manager for IBM’s data security portfolio, described it as defending your information “like a guard dog” to account for the rapid growth of mobile and cloud storage.
Finally, you need to locate and prioritize data across the organization. Not everything requires the same level of protection, but it’s essential to discover, define and defend key data sources.
3 Steps to Protect Enterprise Data
The new data landscape, driven by user privacy requirements, evolving regulations and the need for business-driven identity and access management (IAM) policies, has prompted the development of new standards for critical asset control. To better protect enterprise data, security initiatives must deliver across three key areas:
- Intelligent visibility — Using a combination of AI-driven solutions and automated monitoring tools, enterprises can gain unified oversight across data, cloud networks and endpoints. This produces critical insight into must-protect assets and potential avenues of compromise.
- Proactive mitigation — Enterprises need effective endpoint and application security solutions to create, apply and enforce security across data at scale, in turn empowering proactive responses to potential threats.
- Continuous control — Organizations must leverage comprehensive security solutions that allow them to create policies at scale, optimize asset protections and comply with regulatory requirements and policies, in turn delivering continuous control of all operational assets.
A full-featured data protection, asset defense and compliance strategy is no longer nice-to-have, but a must-have initiative for organizations of all sizes.
From data breaches to digital transformation and regulatory compliance, data-first defenses are essential to effectively leverage data assets to drive business function, defend user data from unwanted incursions, and satisfy emerging compliance and regulatory requirements.