June 10, 2014 By Latha Maripuri 2 min read

Today, critical business data is under constant threat. Eliminating risk entirely is not an option for data security — not if you want to utilize and share critical data with trusted resources for business gain.

In an age of persistent, long-term attempts to steal corporate trade secrets, it would seem that no security program could be too strong. The strong encryption mindset leads some enterprises to encrypt all of their critical data, allowing access only to key users.

Once you’ve discovered critical data, how do you ensure it’s secure? To protect the small but most essential portion of data, enterprises need an adept, integrated, responsive strategy that accounts for the value and classification of the data and its ongoing role in the business operations life cycle.

The “better safe than sorry” mentality can make data security a business inhibitor rather than a business enabler: If your security program is insufficiently mindful of requirements such as usability, portability, interoperability and other operational aspects, it may result in a solution that is not enabling the business, an obstacle to be avoided. Security for critical data must not only provide assurance, but also seamlessly integrate into the very fabric of the business, or else it will not be effective.

Locking down critical data may well be the right approach, but it must be balanced with monitoring and other measures to ensure effectiveness and reduce friction with business objectives and processes. A more sensible approach to risk management for critical data can greatly enhance both security and the ability of the organization to capture opportunities and grow with confidence.

What’s the Right Level and Amount of Data Security?

  • Securing data should be tied to the front end within the business processes, and the back end should be monitoring the communication and the remediation.
  • Critical data protection must account for the data life cycle, associated business processes and the proper control points along the way. Even the larger enterprise security strategy — designed to protect the IT infrastructure, networks, devices, data and access — is ultimately about the secure, continuous flow of your information.
  • While essential data and trade secrets should be afforded the most robust and intelligent protection, enterprises must strike a balance with data access and utilization. An effective critical data protection program must continually evolve in accordance with how the data is being accessed and utilized and how the threat landscape is changing.
  • Many of these successful data breaches utilized technologies and vulnerabilities that have been in place for years. This reinforces the need to continually evaluate and ensure comprehensive protection is applied throughout the IT infrastructure, at all levels, for all components, for the full critical data life cycle and for both structured and unstructured data — including when data is in motion, or at rest in applications and in storage.

A critical data protection strategy does not rely on the most recent security implementation to protect the “crown jewels.” It must continually address multiple threats, ranging from trusted insiders to competitors and hackers in a data environment made more complex by mobility, big data, social media, cloud computing and virtualization.

Three guiding principles to improve data security and compliance

Make sure your security program has ownership and leadership assigned across critical business areas, and adapt your solutions to meet your business information life cycle. By expanding accountability and awareness across key areas of risk, you’ll create a heightened understanding and enforcement of the security controls you’ve put in place. And that, in turn, will allow you to create a more secure business environment.

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today