Light Dark
January 27, 2016 By Gregg Barrow 2 min read
Data Protection

With data now moving freely among corporate networks, mobile devices and the cloud, today’s rapidly evolving threat landscape demands a more comprehensive approach to protecting sensitive information assets. As infrastructure expands to meet the needs of new services and technologies, companies must think beyond just their IT department. Specifically, organizations need to address and manage the significant enterprise risk that is data security.

How Do I Manage My Data Security Risk?

Protecting data through isolation is no longer an option, and simply adding additional security tools is not sufficient to contain the risks associated with today’s evolving threat environment. To successfully address and manage data security risk, organizations must take a data-centric approach to security, keeping the following concepts in mind.

Embracing a Data-Centric Approach

To manage the risks associated with today’s environment, organizations must make data-centricity a core component of their approach to security. IBM’s approach to data-centric security leverages the business value of data to determine and implement the appropriate level of information security.

By following this approach, organizations can overcome the tension that often exists between information security technology and business strategy objectives by linking security services directly to business processes and the data these services protect. The focus of a data-centric approach is to derive the right security level through a business analysis of the data being handled.

Following a Risk-Based Approach

Data security is consistently identified as a top enterprise risk in today’s world. However, the complexity and volume of data has many organizations struggling with how to begin managing this risk. The first step in implementing a data-centric approach to data security is to understand your organization’s level of risk through the identification and prioritization of sensitive information assets.

To do so, organizations must undertake a comprehensive data discovery and classification effort. Companies should start discovery and classification efforts within a single organizational function or line of business, leveraging software tools to automate the process wherever possible. Such an effort, although limited in organizational scope, should include both structured and unstructured data held across traditional and emerging repositories including databases, applications, cloud and big data environments.

Addressing the Full Data Life Cycle

In order to truly implement a data-centric approach to security, companies must manage sensitive information assets throughout their life cycle. Data flow mapping tools should be used to understand when and how data enters an organization and where it flows as it moves throughout the environment.

In addition, organizations should leverage data activity monitoring tools, supported by customized risk visualization dashboards, to actively monitor data security risk.

What Should I Do Next?

Are you ready to begin improving your data security? Follow these three steps:

  1. Work to understand the value of your data assets through various lenses, including financial, market and brand impact.
  2. Classify and prioritize your sensitive information assets.
  3. Create, implement and maintain a robust data security program.

 |  |  | 
Gregg Barrow
Vice President & Managing Partner, Americas Security Services, IBM Security

More from Data Protection
November 19, 2024

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

November 8, 2024

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

November 7, 2024

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature