Data Security: Securing Your Most Important Asset

January 27, 2016
| |
2 min read

With data now moving freely among corporate networks, mobile devices and the cloud, today’s rapidly evolving threat landscape demands a more comprehensive approach to protecting sensitive information assets. As infrastructure expands to meet the needs of new services and technologies, companies must think beyond just their IT department. Specifically, organizations need to address and manage the significant enterprise risk that is data security.

How Do I Manage My Data Security Risk?

Protecting data through isolation is no longer an option, and simply adding additional security tools is not sufficient to contain the risks associated with today’s evolving threat environment. To successfully address and manage data security risk, organizations must take a data-centric approach to security, keeping the following concepts in mind.

Embracing a Data-Centric Approach

To manage the risks associated with today’s environment, organizations must make data-centricity a core component of their approach to security. IBM’s approach to data-centric security leverages the business value of data to determine and implement the appropriate level of information security.

By following this approach, organizations can overcome the tension that often exists between information security technology and business strategy objectives by linking security services directly to business processes and the data these services protect. The focus of a data-centric approach is to derive the right security level through a business analysis of the data being handled.

Following a Risk-Based Approach

Data security is consistently identified as a top enterprise risk in today’s world. However, the complexity and volume of data has many organizations struggling with how to begin managing this risk. The first step in implementing a data-centric approach to data security is to understand your organization’s level of risk through the identification and prioritization of sensitive information assets.

To do so, organizations must undertake a comprehensive data discovery and classification effort. Companies should start discovery and classification efforts within a single organizational function or line of business, leveraging software tools to automate the process wherever possible. Such an effort, although limited in organizational scope, should include both structured and unstructured data held across traditional and emerging repositories including databases, applications, cloud and big data environments.

Addressing the Full Data Life Cycle

In order to truly implement a data-centric approach to security, companies must manage sensitive information assets throughout their life cycle. Data flow mapping tools should be used to understand when and how data enters an organization and where it flows as it moves throughout the environment.

In addition, organizations should leverage data activity monitoring tools, supported by customized risk visualization dashboards, to actively monitor data security risk.

What Should I Do Next?

Are you ready to begin improving your data security? Follow these three steps:

  1. Work to understand the value of your data assets through various lenses, including financial, market and brand impact.
  2. Classify and prioritize your sensitive information assets.
  3. Create, implement and maintain a robust data security program.

Gregg Barrow
Partner of Global Data and Application Security Competency Leader, IBM

Based in New York, Gregg has more than 25 years of cross-industry experience, with significant focus in the Financial Services sector. Prior to joining IBM, ...
read more

Banner ad leading to the Cost of a Data Breach Report for 2020.
Banner ad leading to the Cost of a Data Breach Report for 2020.
Your browser doesn’t support HTML5 audio
Press play to continue listening
00:00 00:00