Sensitive data is everywhere, in every form. Whether structured or unstructured, big or small, in the cloud or on-premises, data is now a foundational pillar of our economy. If we have learned anything from the string of data breaches on the front page of the news in recent months, it is that our sensitive data is exposed to more internal and external threats. Data risk is higher than ever before.
Two Disconnects, One Big Problem
Because of the diversity of data types and storage locations, there is no longer a single platform to protect, and no single technology that will do it. A natural consequence is that, in most organizations, many different point solutions are used to protect ever-increasing and ever-moving troves of dynamic data. When the landscape becomes so complex, it is not surprising that data protection measures like discovery, classification, hardening and monitoring are neglected. Without a lens into these processes, gaps can occur, allowing attackers to find footholds.
These gaps emerge in two critical areas. The first is the well-known horizontal disconnect between point technology solutions. Without the right integrations between them, it is not possible to systematically spot issues and establish accurate security metrics.
The second gap is vertical in nature: When reporting up to C-suite executives, these security metrics don’t mean much to the nontechnical audience, in part because they lack the real-time information to show the relative business value of data and its potential vulnerabilities. The result is that executives are not able to get an accurate picture of the risks across the organization and are not able to prioritize actions to limit exposure.
Introducing IBM Data Risk Manager to Uncover, Analyze and Visualize Data-Related Business Risks
Today, IBM Security is announcing the release of IBM Data Risk Manager, an integration platform that aims to bridge those horizontal and vertical gaps. This manager provides executives and their teams a business-consumable data risk control center, helping to uncover, analyze and visualize data-related business risks so they can take action to protect their business. It leverages the capabilities of Agile 3 Solutions, a February 2017 IBM acquisition, and enables organizations to:
- Identify specific, high-value, business-sensitive information assets. Leveraging inputs from IBM Security Guardium, IBM Information Governance Catalog and Symantec DLP, Data Risk Manager is an integration platform that provides an end-to-end view of all business metadata associated with sensitive information assets, including applications, processes, policies, procedures, controls, ownership and more.
- Gain early visibility into potential risks to data and processes. The value of information assets can be correlated with threats, vulnerabilities, controls and business attributes to calculate a risk score, highlighting the parts of the business that are at risk.
- Inform executives with a business-consumable data risk control center. This information is presented to executives in an intuitive dashboard, providing an end-to-end view of the security posture so that the right conversations between IT, security and the lines of business can take place to help improve business processes and mitigate data risks.
Data Risk Manager helps organizations ensure their many security tools operate in concert, with the right methodologies and business processes driving a horizontal integration between them. Security metrics are then translated to the language of data risk, enabling a conversation about potential data exposure at the executive level in the context of the business.
IBM Data Security Services Can Help Make Data Risk Manager Work for You
IBM Data Security Services offer delivery expertise to integrate Data Risk Manager with your existing technologies, using proven methodology and aligning with your business processes. Capturing the business context of your specific organization, our security specialists can help you build a bridge between security and the C-suite.