December 21, 2015 | By Lynne Murray

IT walls are coming down, making room for better communication with consumers everywhere. However, with trends like cloud and big data introducing new data security and privacy challenges, gaps are emerging. This leads to opportunities for targeted, sophisticated attacks and internal data leaks that can expose vulnerabilities in your data infrastructure.

These trends require swift alignment of an organization’s business processes, data access policies and data security controls. Where do you get started? How do you determine which data is the most sensitive? How do you assess your risk appetite? What tools must you consider — and what’s a waste of your resources?

Remember: It’s All About the Data

Regardless of industry, all organizations manage some form of sensitive data. These types of sensitive data must be prioritized according to their value to the organization. They could include:

  • Financial records;
  • Customer information;
  • Credit card and other account records;
  • Personally identifiable information (PII);
  • Patient records;
  • Intellectual property and trade secrets.

Watch the ‘New Rules of Data Security’ video series, feat. experts from Forrester and IBM

Certify for Compliance

Growing data compliance mandates are driving organizations to rethink their data protection strategies. Most data is subject to compliance regulations such as the Sarbanes–Oxley Act (Sarbox), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA) and the EU Data Privacy Directive. With the growing complexity of your data infrastructure, can you quickly demonstrate that you have the required policies and reports in place to certify that your company is in compliance with any and all of the relevant regulations?

How Do You Minimize Risk When Data Is Constantly in Motion?

Unknown data played a role in a large percentage of data breach incidents. To minimize this risk, organizations need a systematic way to identify all database instances and to determine, on an ongoing basis, which instances contain sensitive data so that appropriate controls can be implemented.

An important first step to protecting sensitive data is to identify its existence. This can be challenging because database and open-source data environments are highly dynamic, and most organizations lack an effective means of identifying existing and new sensitive data.

Even in stable environments where cataloging processes have historically existed, uncontrolled instances can inadvertently be introduced through various mechanisms. Such circumstances include developers who create temporary test environments, business units seeking to rapidly implement local applications and purchases of new applications with embedded databases.

In mature organizations, it is not uncommon to find existing databases that were deployed before change control mechanisms were implemented. Larger organizations growing through acquisitions often struggle to gauge, with certainty, sensitive data risk in acquired infrastructures. An automated mechanism for discovery and classification is a critical component of a data protection strategy to prevent a breach of sensitive data.

Common Security Challenges

To sum up the most common challenges, many organizations must understand the requirements for monitoring and auditing their environment:

  • Where is my sensitive data located?
  • Are there unauthorized changes to my data?
  • How can I protect my information against the vast number of security threats?
  • How can I reduce my infrastructure costs, which are rising dramatically?

There is the constant need to balance these challenges with the organization’s ultimate goals. For most enterprises, these aims include the following:

  • Increase the overall protection of information within the environment.
  • Reduce the cost for compliance and security within the business.
  • Empower users with information so they can make good decisions that positively affect the business.
  • Stay away from negative publicity that can result from a data breach.

How Do You Get Started?

Working with Forrester Research, IBM has developed a data security virtual seminar portal featuring short, expert-led videos. These recorded discussions provide advice on what data to keep secure and just how to go about doing it. They also describe how to implement and enforce security and compliance policies in real time and which data security and privacy technologies are used to help mitigate the risk of managing sensitive data.

‘New Rules of Data Security’ Video Series

The video series, called the “New Rules of Data Security,” focuses on how security professionals can improve data security posture and address some of the most common challenges facing enterprises.

  • ‘Making Leaders Successful Every Day’
    Fear of data breach is rampant. Recent breaches have led to executive dismissals, rising regulatory fines and the devastating loss of customer trust. How are we protecting our sensitive data? Are we really doing enough to eliminate or even mitigate risk?
  • ‘Experiences From the Field’
    What are the new challenges that organizations face before implementing data security technologies? What specific details are behind business and technology requirements, project scoping, implementation and business results? How do they protect data and ensure compliance? What data security best practices can you learn from expert experiences to achieve success at your organization?
  • ‘Protecting the Organization’s Most Valuable Asset’
    Complex IT environments only increase the need to protect big data and sensitive information. Manual processes and disparate technologies of the past have proven expensive and ineffective. What can you do to reduce the risk and cost of protecting this data?

Prepare now. Your data protection strategy must continually evolve and apply the same proven security and privacy measures for monitoring access, tracking changes and observing usage that were once used on traditional data repositories. Don’t wait until you are reeling from a breach and the data has left the building.
