January 27, 2016 By Gregg Barrow 2 min read

With data now moving freely among corporate networks, mobile devices and the cloud, today’s rapidly evolving threat landscape demands a more comprehensive approach to protecting sensitive information assets. As infrastructure expands to meet the needs of new services and technologies, companies must think beyond just their IT department. Specifically, organizations need to address and manage the significant enterprise risk that is data security.

How Do I Manage My Data Security Risk?

Protecting data through isolation is no longer an option, and simply adding additional security tools is not sufficient to contain the risks associated with today’s evolving threat environment. To successfully address and manage data security risk, organizations must take a data-centric approach to security, keeping the following concepts in mind.

Embracing a Data-Centric Approach

To manage the risks associated with today’s environment, organizations must make data-centricity a core component of their approach to security. IBM’s approach to data-centric security leverages the business value of data to determine and implement the appropriate level of information security.

By following this approach, organizations can overcome the tension that often exists between information security technology and business strategy objectives by linking security services directly to business processes and the data these services protect. The focus of a data-centric approach is to derive the right security level through a business analysis of the data being handled.

Following a Risk-Based Approach

Data security is consistently identified as a top enterprise risk in today’s world. However, the complexity and volume of data has many organizations struggling with how to begin managing this risk. The first step in implementing a data-centric approach to data security is to understand your organization’s level of risk through the identification and prioritization of sensitive information assets.

To do so, organizations must undertake a comprehensive data discovery and classification effort. Companies should start discovery and classification efforts within a single organizational function or line of business, leveraging software tools to automate the process wherever possible. Such an effort, although limited in organizational scope, should include both structured and unstructured data held across traditional and emerging repositories including databases, applications, cloud and big data environments.

Addressing the Full Data Life Cycle

In order to truly implement a data-centric approach to security, companies must manage sensitive information assets throughout their life cycle. Data flow mapping tools should be used to understand when and how data enters an organization and where it flows as it moves throughout the environment.

In addition, organizations should leverage data activity monitoring tools, supported by customized risk visualization dashboards, to actively monitor data security risk.

What Should I Do Next?

Are you ready to begin improving your data security? Follow these three steps:

  1. Work to understand the value of your data assets through various lenses, including financial, market and brand impact.
  2. Classify and prioritize your sensitive information assets.
  3. Create, implement and maintain a robust data security program.

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today