August 6, 2019 By Douglas Bonderud 4 min read

Data drives enterprise success. The collection, identification and analysis of big data is critical to inform new strategies and help companies get ahead. As a result, organizations are adopting new collar hiring techniques to find the best and brightest data talent, while emerging tools are helping companies make the most of their massive data stores. As noted by InfoWorld, data lakes are now becoming data warehouses thanks to artificial intelligence (AI)-driven automation.

But in the rush to adopt new technologies and hire new talent, it’s easy for data protection to fall from C-suite priority to enterprise also-ran. So let’s break it down: What is data protection? Why does it matter so much? And how can companies implement protection processes that deliver better defense without derailing business value?

What Is Data Protection?

Data protection is the process of securing digital information without limiting the organization’s ability to use this data for business purposes or compromising consumer and end-user privacy.

Protecting data therefore falls into the simple-but-not-easy category of infosec initiatives: IT professionals have no trouble visualizing a secure data landscape, but the increasing complexity and scope of cloud computing deployments, internet of things (IoT) adoption and AI-enabled technologies makes designing a defense road map more difficult than it appears.

In fact, according to “The Fourth Annual Study on The Cyber Resilient Organization,” many companies lack consistent, effective security plans around data protection. Only 23 percent have cybersecurity incident response plans applied consistently across the entire enterprise, and 57 percent reported facing cybersecurity incidents that significantly disrupted IT and business operations in the past two years.

The Business Value of Data Security

Data is valuable, both to organizations and malicious actors. The massive amount of personal, financial and intellectual data enterprises collect makes a tempting (and lucrative) target for attackers. Data breaches cost companies more than $3.8 million on average, and over the next 24 months, more than one-quarter of businesses will experience a recurring material breach.

As a result, data breaches represent the most immediate need for effective enterprise data defense. Better protection means better compliance and reduced monetary losses, reputational damage and impact to line-of-business operations. Improved security processes are also critical for emerging business priorities, including:

  • Digital transformation — More than 60 percent of enterprises now have active digital initiatives, with 52 percent planning to “fully transform” their organization. But delivering on digital promises demands a secure framework capable of handling both current protection needs and safeguarding new solutions.
  • Compliance and regulationsEvolving compliance requirements and governmental regulations demand improved data protection to demonstrate due diligence. Ignorance of data value or user privacy needs is no excuse for slipshod security.

What Are Some Barriers to Data Protection?

With data defense now in the vanguard of effective enterprise information security, what’s holding companies back? The following four common complexities conspire to limit the effectiveness of data protection:

  • Expanding attack surfacesFrom the cloud to IoT devices, mobile networks to remote workers leveraging corporate networks 24/7, the sheer size and scope of attack surfaces is daunting for even the most experienced enterprise IT teams.
  • Common vulnerabilitiesCommon security slip-ups related to access management, IoT security and network monitoring continue to frustrate organizations as the scope of data expands and the necessary talent and technology to defend digital assets lags behind.
  • Evolving privacy and reporting requirementsAs noted by security expert Frank Abagnale, consumers now “fundamentally assume that the companies are always striving to stay ahead of the bad guys.” But this is no easy task, especially as new breach reporting regulations demand speedy user notification and auditable proof that companies are effectively securing personally identifiable information (PII).
  • Increasing IoT and mobile adoptionWhile 30 percent of IT experts are hesitant to adopt bring-your-own-device (BYOD) due to security concerns such as data leakage, shadow IT and unauthorized data access, there’s a now a growing acceptance of personal device use in the workplace. Companies can’t avoid BYOD adoption but need better strategies to defend the data created, transmitted and stored across these evolving mobile networks.

Better Data Protection Starts With Encryption

The first step toward better data protection is encryption. Encrypted data both frustrates attacker efforts and satisfies most regulatory expectations around due diligence. But how much encryption is “enough?” According to Stephanie Balaouras, research director for the security and risk team at Forrester Research, “You can never have too much encryption.”

It’s also critical to adopt a more aggressive approach to data defense and database activity monitoring and alerting. Leslie Wiggins, senior product manager for IBM’s data security portfolio, described it as defending your information “like a guard dog” to account for the rapid growth of mobile and cloud storage.

Finally, you need to locate and prioritize data across the organization. Not everything requires the same level of protection, but it’s essential to discover, define and defend key data sources.

3 Steps to Protect Enterprise Data

The new data landscape, driven by user privacy requirements, evolving regulations and the need for business-driven identity and access management (IAM) policies, has prompted the development of new standards for critical asset control. To better protect their data, security initiatives must deliver across three key areas:

  1. Intelligent visibility Using a combination of AI-driven solutions and automated monitoring tools, enterprises can gain unified oversight across data, cloud networks and endpoints. This produces critical insight into must-protect assets and potential avenues of compromise.

  2. Proactive mitigation — Enterprises need effective endpoint and application security solutions to create, apply and enforce security across data at scale, in turn empowering proactive responses to potential threats.

  3. Continuous control — Organizations must leverage comprehensive security solutions that allow them to create policies at scale, optimize asset protections and comply with regulatory requirements and policies, in turn delivering continuous control of all operational assets.

A full-featured data protection, asset defense and compliance strategy is no longer nice-to-have, but a must-have initiative for organizations of all sizes.

From data breaches to digital transformation and regulatory compliance, data-first defenses are essential to effectively leverage data assets to drive business function, defend user data from unwanted incursions, and satisfy emerging compliance and regulatory requirements.

Learn more about data security

More from Data Protection

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today