Data Protection
August 11, 2016 By Leslie Wiggins 3 min read

There are times in life when simply doing enough to get by is, well, sufficient. Other times, you know you need to go all in and compete to win. Top athletes, for example, know how and where to spend their time and effort. They don’t go all-out all the time, but they do know when to push hard, give it their all and set their sights on the podium — and a medal.

By contrast, an alarming number of organizations today are completely unaware that they are competing in a kind of data security triathlon. They are essentially sitting on the grass, looking up at clouds, unaware of the malicious insiders, uneducated users and cybercriminals creating risks and flying past them in a race to get to sensitive data.

Get in the Game!

Many organizations recognize there’s something going on, but they are unaware that they need to be in it to win it. Instead, they spend their time just doing enough: They make sure to check the compliance box and pass their audit, whether for PCI DSS, HIPPA, SOX or the EU’s GDPR, which goes into effect in June 2018.

While being in compliance is absolutely important and represents a great first step along the road to data security, it is merely sufficient. It helps avoid fines, scrutiny and other unpleasant things, but it does not position organizations to compete.

In this day and age, there seems to be a new data breach almost every day. Organizations must adopt a win-now mindset rather than simply doing enough to satisfy compliance requirements.

An organization can go for the gold by starting its data security journey with compliance and then intensifying its efforts and staying focused. This means successfully safeguarding data from internal and external threats. It also means being the champion and protector of your customers, your brand and the sensitive data that fuels your business.

Start With Compliance

The right place to begin is indeed with compliance. By starting with compliance, you become acquainted with the basics and can start learning the vocabulary of the data security athlete. Compliance helps you pass your audits, but it can also get you to start thinking about:

  • Discovery: Where is the relevant data?
  • Monitoring: Who is reading or changing that data, and how do I create an audit-worthy trail that I can share with auditors?
  • Hardening: What do I need to do to secure the data repositories where the relevant data lives?

To help you simplify and speed your compliance efforts while keeping costs down, you should look for a solution that can support discovery, monitoring and hardening. It should be automated, with as much built-in functionality as possible.

Protect Sensitive Data

As you train for the data security triathlon, you also need to make sure your compliance solution can grow with your future needs, supporting discovery, monitoring and hardening but also protecting sensitive data.

Sensitive data — such as IP, customer or partner information, manufacturing information, proprietary algorithms and all those other types that are crucial for business success but are not covered by compliance mandates — is probably scattered throughout your environment in databases, the cloud, big data environments and file systems. You need to find this information and protect it with a variety of features that can thwart threats.

Key capabilities to look for include: data protection (masking, redaction, encryption, blocking, alerting, etc.) for data at rest and in motion; entitlement reporting; risk and threat detection, including real- and right-time analytics, cognitive analytics and specialized threat detection analytics; and broad platform support so that when you are ready, you can safeguard your sensitive data, wherever it resides.

Expand Your Data Security Vocabulary

You can now use your expanded data security vocabulary and capabilities to achieve better security. Further your aims by asking questions such as:

  • Where is my sensitive data?
  • How can I protect my sensitive data at rest?
  • Who has access to my sensitive data?
  • Do users have the right level of access, or should access be turned off?
  • What must I do to secure my sensitive data repositories?
  • What is actually happening to my sensitive data?
  • How can I prevent unauthorized activities?
  • How can I protect sensitive data in motion?

Expanding from compliance to data security should not be difficult, and you should not be confronted with technical sticking points. With the right training program in place and key considerations in mind, you can score a neat compliance victory and then expand your program, build on your efforts and continue your journey to the data security triathlon. There you will surely have your shot at gold.

 |  |  |  | 
Leslie Wiggins
Program Director, IBM Security

More from Data Protection
November 8, 2023

Data security tools make data loss prevention more efficient

3 min read - As businesses navigate the complexities of modern-day cybersecurity initiatives, data loss prevention (DLP) software is the frontline defense against potential data breaches and exfiltration. DLP solutions allow organizations to detect, react to and prevent data leakage or misuse of sensitive information that can lead to catastrophic consequences. However, while DLP solutions play a critical role in cybersecurity, their effectiveness significantly improves when integrated with the right tools and infrastructure. Key limitations of DLP solutions (and how to overcome them) DLP…

November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature