January 27, 2016 By Gregg Barrow 2 min read

With data now moving freely among corporate networks, mobile devices and the cloud, today’s rapidly evolving threat landscape demands a more comprehensive approach to protecting sensitive information assets. As infrastructure expands to meet the needs of new services and technologies, companies must think beyond just their IT department. Specifically, organizations need to address and manage the significant enterprise risk that is data security.

How Do I Manage My Data Security Risk?

Protecting data through isolation is no longer an option, and simply adding additional security tools is not sufficient to contain the risks associated with today’s evolving threat environment. To successfully address and manage data security risk, organizations must take a data-centric approach to security, keeping the following concepts in mind.

Embracing a Data-Centric Approach

To manage the risks associated with today’s environment, organizations must make data-centricity a core component of their approach to security. IBM’s approach to data-centric security leverages the business value of data to determine and implement the appropriate level of information security.

By following this approach, organizations can overcome the tension that often exists between information security technology and business strategy objectives by linking security services directly to business processes and the data these services protect. The focus of a data-centric approach is to derive the right security level through a business analysis of the data being handled.

Following a Risk-Based Approach

Data security is consistently identified as a top enterprise risk in today’s world. However, the complexity and volume of data has many organizations struggling with how to begin managing this risk. The first step in implementing a data-centric approach to data security is to understand your organization’s level of risk through the identification and prioritization of sensitive information assets.

To do so, organizations must undertake a comprehensive data discovery and classification effort. Companies should start discovery and classification efforts within a single organizational function or line of business, leveraging software tools to automate the process wherever possible. Such an effort, although limited in organizational scope, should include both structured and unstructured data held across traditional and emerging repositories including databases, applications, cloud and big data environments.

Addressing the Full Data Life Cycle

In order to truly implement a data-centric approach to security, companies must manage sensitive information assets throughout their life cycle. Data flow mapping tools should be used to understand when and how data enters an organization and where it flows as it moves throughout the environment.

In addition, organizations should leverage data activity monitoring tools, supported by customized risk visualization dashboards, to actively monitor data security risk.

What Should I Do Next?

Are you ready to begin improving your data security? Follow these three steps:

  1. Work to understand the value of your data assets through various lenses, including financial, market and brand impact.
  2. Classify and prioritize your sensitive information assets.
  3. Create, implement and maintain a robust data security program.

More from Data Protection

Skills shortage directly tied to financial loss in data breaches

2 min read - The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM's 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.And that's expensive. This skills deficit adds an average of $1.76 million in additional breach costs.The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally…

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today