November 14, 2017 By Laurène Hummer 3 min read

Sensitive data is everywhere, in every form. Whether structured or unstructured, big or small, in the cloud or on-premises, data is now a foundational pillar of our economy. If we have learned anything from the string of data breaches on the front page of the news in recent months, it is that our sensitive data is exposed to more internal and external threats. Data risk is higher than ever before.

Two Disconnects, One Big Problem

Because of the diversity of data types and storage locations, there is no longer a single platform to protect, and no single technology that will do it. A natural consequence is that, in most organizations, many different point solutions are used to protect ever-increasing and ever-moving troves of dynamic data. When the landscape becomes so complex, it is not surprising that data protection measures like discovery, classification, hardening and monitoring are neglected. Without a lens into these processes, gaps can occur, allowing attackers to find footholds.

These gaps emerge in two critical areas. The first is the well-known horizontal disconnect between point technology solutions. Without the right integrations between them, it is not possible to systematically spot issues and establish accurate security metrics.

The second gap is vertical in nature: When reporting up to C-suite executives, these security metrics don’t mean much to the nontechnical audience, in part because they lack the real-time information to show the relative business value of data and its potential vulnerabilities. The result is that executives are not able to get an accurate picture of the risks across the organization and are not able to prioritize actions to limit exposure.

Introducing IBM Data Risk Manager to Uncover, Analyze and Visualize Data-Related Business Risks

Today, IBM Security is announcing the release of IBM Data Risk Manager, an integration platform that aims to bridge those horizontal and vertical gaps. This manager provides executives and their teams a business-consumable data risk control center, helping to uncover, analyze and visualize data-related business risks so they can take action to protect their business. It leverages the capabilities of Agile 3 Solutions, a February 2017 IBM acquisition, and enables organizations to:

  • Identify specific, high-value, business-sensitive information assets. Leveraging inputs from IBM Security Guardium, IBM Information Governance Catalog and Symantec DLP, Data Risk Manager is an integration platform that provides an end-to-end view of all business metadata associated with sensitive information assets, including applications, processes, policies, procedures, controls, ownership and more.
  • Gain early visibility into potential risks to data and processes. The value of information assets can be correlated with threats, vulnerabilities, controls and business attributes to calculate a risk score, highlighting the parts of the business that are at risk.
  • Inform executives with a business-consumable data risk control center. This information is presented to executives in an intuitive dashboard, providing an end-to-end view of the security posture so that the right conversations between IT, security and the lines of business can take place to help improve business processes and mitigate data risks.

Data Risk Manager helps organizations ensure their many security tools operate in concert, with the right methodologies and business processes driving a horizontal integration between them. Security metrics are then translated to the language of data risk, enabling a conversation about potential data exposure at the executive level in the context of the business.

IBM Data Security Services Can Help Make Data Risk Manager Work for You

IBM Data Security Services offer delivery expertise to integrate Data Risk Manager with your existing technologies, using proven methodology and aligning with your business processes. Capturing the business context of your specific organization, our security specialists can help you build a bridge between security and the C-suite.

Register for the Dec. 6 Webinar: Do you speak risk? Bring Data Security to the C-Suite

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today