IT walls are coming down, making room for better communication with consumers everywhere. However, with trends like cloud and big data introducing new data security and privacy challenges, gaps are emerging. This leads to opportunities for targeted, sophisticated attacks and internal data leaks that can expose vulnerabilities in your data infrastructure.
These trends require swift alignment of an organization’s business processes, data access policies and data security controls. Where do you get started? How do you determine which data is the most sensitive? How do you assess your risk appetite? What tools must you consider — and what’s a waste of your resources?
Remember: It’s All About the Data
Regardless of industry, all organizations manage some form of sensitive data. That data must be prioritized according to its value to the organization. It could include:
- Financial records;
- Customer information;
- Credit card and other account records;
- Personally identifiable information (PII);
- Patient records;
- Intellectual property and trade secrets.
Certify for Compliance
Growing data compliance mandates are driving organizations to rethink their data protection strategies. Most data is subject to compliance regulations such as the Sarbanes–Oxley Act (Sarbox), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA) and the EU Data Privacy Directive. With the growing complexity of your data infrastructure, can you quickly demonstrate that you have the required policies and reports in place to certify that your company is in compliance with any and all of the relevant regulations?
How Do You Minimize Risk When Data Is Constantly in Motion?
In a large percentage of incidents, unknown data played a role in the data breach. To minimize this risk, organizations need a systematic way to identify all database instances and to determine, on an ongoing basis, which instances contain sensitive data so that appropriate controls can be implemented.
An important first step to protecting sensitive data is to identify its existence. This can be challenging because database and open-source data environments are highly dynamic, and most organizations lack an effective means of identifying existing and new sensitive data.
Even in stable environments where cataloging processes have historically existed, uncontrolled instances can inadvertently be introduced through various mechanisms. Such circumstances include developers who create temporary test environments, business units seeking to rapidly implement local applications and purchases of new applications with embedded databases.
In mature organizations, it is not uncommon to find databases that were deployed before change control mechanisms were implemented. Larger organizations growing through acquisitions often struggle to gauge, with certainty, sensitive data risk in acquired infrastructures. An automated mechanism for discovery and classification is a critical component of a data protection strategy to prevent a breach of sensitive data.
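As an added illustration of automated discovery and classification (example code written for this page, not taken from IBM or any product), the sketch below samples every column of a database and labels those whose values look like sensitive data. The table name, sample rows and the three detectors are constructed assumptions; SQLite stands in for whatever database engine is being scanned.

```python
import re
import sqlite3

# Illustrative detectors only (assumption): real rule sets are far broader.
PATTERNS = {
    "email": re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$"),
    "us_ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
}
CARD = re.compile(r"^\d(?:[ -]?\d){12,18}$")

def luhn_ok(number):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[-2::-2]]
    return (sum(digits[-1::-2]) + sum(doubled)) % 10 == 0

def classify_value(value):
    """Return the set of sensitive-data labels that one cell value matches."""
    text = str(value).strip()
    labels = {name for name, rx in PATTERNS.items() if rx.match(text)}
    if CARD.match(text) and luhn_ok(text):
        labels.add("payment_card")
    return labels

def scan_database(conn, sample=200):
    """Sample every column of every table; return {(table, column): labels}."""
    findings = {}
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            rows = conn.execute(
                f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL LIMIT ?', (sample,))
            labels = set().union(*(classify_value(v) for (v,) in rows))
            if labels:
                findings[(table, col)] = labels
    return findings

def build_sample_db():
    """Constructed data: a forgotten test export holding real-looking records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tmp_test_export (id INTEGER, note TEXT, contact TEXT, pan TEXT)")
    conn.executemany("INSERT INTO tmp_test_export VALUES (?,?,?,?)", [
        (1, "order 1234567890123456", "alice@example.com", "4111 1111 1111 1111"),
        (2, "ssn on file", "078-05-1120", "4111111111111112"),
    ])
    return conn

if __name__ == "__main__":
    for (table, col), labels in scan_database(build_sample_db()).items():
        print(f"{table}.{col}: {sorted(labels)}")
```

Run on a schedule against each discovered instance, the findings map gives the ongoing view of which columns need controls; the Luhn check keeps order numbers and other long digit strings from being reported as card data.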
Common Security Challenges
To sum up the most common challenges, many organizations must understand the requirements for monitoring and auditing their environment:
- Where is my sensitive data located?
- Are there unauthorized changes to my data?
- How can I protect my information against the vast number of security threats?
- How can I reduce my infrastructure costs, which are rising dramatically?
There is the constant need to balance these challenges with the organization’s ultimate goals. For most enterprises, these aims include the following:
- Increase the overall protection of information within the environment.
- Reduce the cost for compliance and security within the business.
- Empower users with information so they can make good decisions that positively affect the business.
- Stay away from negative publicity that can result from a data breach.
How Do You Get Started?
Working with Forrester Research, IBM has developed a data security virtual seminar portal featuring short, expert-led videos. These recorded discussions provide advice on what data to keep secure and just how to go about doing it. They also describe how to implement and enforce security and compliance policies in real time and which data security and privacy technologies are used to help mitigate the risk of managing sensitive data.
‘New Rules of Data Security’ Video Series
The video series, called the “New Rules of Data Security,” focuses on how security professionals can improve data security posture and address some of the most common challenges facing enterprises.
- ‘Making Leaders Successful Every Day’
Fear of data breach is rampant. Recent breaches have led to executive dismissals, rising regulatory fines and the devastating loss of customer trust. How are we protecting our sensitive data? Are we really doing enough to eliminate or even mitigate risk?
- ‘Experiences From the Field’
What are the new challenges that organizations face before implementing data security technologies? What specific details are behind business and technology requirements, project scoping, implementation and business results? How do they protect data and ensure compliance? What data security best practices can you learn from expert experiences to achieve success at your organization?
- ‘Protecting the Organization’s Most Valuable Asset’
Complex IT environments only increase the need to protect big data and sensitive information. Manual processes and disparate technologies of the past have proven expensive and ineffective. What can you do to reduce the risk and cost of protecting this data?
Prepare now. Your data protection strategy must continually evolve and apply the same proven security and privacy measures for monitoring access, tracking changes and observing usage that were once used on traditional data repositories. Don’t wait until you are reeling from a breach and the data has left the building.