My colleague Nev Zunic and I recently shared one of our data security presentations at IBM InterConnect 2015. This conference was a great opportunity for us to discuss the data security landscape and share our knowledge with peers and clients. Our presentation shared some insight into modern enterprise data security and touched on our five-phase approach.
Based on IBM’s Data-Centric Security Model, our strategic and tactical approach through five phases — Define, Discover, Baseline, Secure and Monitor — delivers an effective, holistic balance of data security. This balanced approach moves the data security discussion into an open forum to engage enterprise stakeholders. More importantly, it facilitates the formulation of your team’s battle plans to mitigate cyberthreats against your most valuable data.
Make no mistake, a coordinated, distributed and determined effort by a ruthless adversarial force is seeking your enterprise’s most valuable data. Your battle plans need a comprehensive picture of your enterprise’s critical data. But how can you get to that point without first understanding where you are going?
An interesting perspective on data security can be paraphrased by late business guru Stephen Covey. With data security, you should begin by thinking about your data security nirvana and “begin with the end in mind.” Approaching enterprise data security by identifying business drivers can help you think about the last phase of our five-phase approach.
Addressing Business Needs in Data Security
When we discuss and review data security with clients, there is often a tendency for clients to want to use a tacitcal, tool-based approach to address an immediate concern. That approach is a reflection of the narrow view of the enterprise and is rarely an indication of understanding the data security needs of the enterprise. Think about how your security nirvana meets the needs of your enterprise — and by enterprise, I mean beyond IT.
Focus on the ‘I’ of IT
Nev often shares with our clients that the error of most enterprise data security is the narrow focus placed on technology. The effect of a tactical solution only takes you so far — your data landscape is a reflection of your entire enterprise, and your security nirvana should reflect that reality. Any single tactical solution is merely one tool in your team’s arsenal. Your complete arsenal is needed, and that solution must be part of a complete strategic defense.
Begin With the Data First
The old adage of “follow the money” applies equally to data. Let’s face it, the threat to your enterprise is the loss of your most valuable data. You must engage all your enterprise stakeholders to truly understand which data is the most valuable and use that knowledge to begin to understand what the business requires of your data security nirvana.
So begin by discussing what your stakeholder collectively requires and what they value, and then you can begin to articulate what is most valuable to your enterprise. That opportunity will empower you to begin visualizing a holistic data security program that can meet the needs of your enterprise beyond IT. Think about it. Pivot your data security perspective and focus on the information to truly secure your enterprise data, and your enterprise’s security nirvana can become a reality.