Light Dark
November 14, 2017 By Laurène Hummer 3 min read

Sensitive data is everywhere, in every form. Whether structured or unstructured, big or small, in the cloud or on-premises, data is now a foundational pillar of our economy. If we have learned anything from the string of data breaches on the front page of the news in recent months, it is that our sensitive data is exposed to more internal and external threats. Data risk is higher than ever before.

Two Disconnects, One Big Problem

Because of the diversity of data types and storage locations, there is no longer a single platform to protect, and no single technology that will do it. A natural consequence is that, in most organizations, many different point solutions are used to protect ever-increasing and ever-moving troves of dynamic data. When the landscape becomes so complex, it is not surprising that data protection measures like discovery, classification, hardening and monitoring are neglected. Without a lens into these processes, gaps can occur, allowing attackers to find footholds.

These gaps emerge in two critical areas. The first is the well-known horizontal disconnect between point technology solutions. Without the right integrations between them, it is not possible to systematically spot issues and establish accurate security metrics.

The second gap is vertical in nature: When reporting up to C-suite executives, these security metrics don’t mean much to the nontechnical audience, in part because they lack the real-time information to show the relative business value of data and its potential vulnerabilities. The result is that executives are not able to get an accurate picture of the risks across the organization and are not able to prioritize actions to limit exposure.

Introducing IBM Data Risk Manager to Uncover, Analyze and Visualize Data-Related Business Risks

Today, IBM Security is announcing the release of IBM Data Risk Manager, an integration platform that aims to bridge those horizontal and vertical gaps. This manager provides executives and their teams a business-consumable data risk control center, helping to uncover, analyze and visualize data-related business risks so they can take action to protect their business. It leverages the capabilities of Agile 3 Solutions, a February 2017 IBM acquisition, and enables organizations to:

  • Identify specific, high-value, business-sensitive information assets. Leveraging inputs from IBM Security Guardium, IBM Information Governance Catalog and Symantec DLP, Data Risk Manager is an integration platform that provides an end-to-end view of all business metadata associated with sensitive information assets, including applications, processes, policies, procedures, controls, ownership and more.
  • Gain early visibility into potential risks to data and processes. The value of information assets can be correlated with threats, vulnerabilities, controls and business attributes to calculate a risk score, highlighting the parts of the business that are at risk.
  • Inform executives with a business-consumable data risk control center. This information is presented to executives in an intuitive dashboard, providing an end-to-end view of the security posture so that the right conversations between IT, security and the lines of business can take place to help improve business processes and mitigate data risks.

Data Risk Manager helps organizations ensure their many security tools operate in concert, with the right methodologies and business processes driving a horizontal integration between them. Security metrics are then translated to the language of data risk, enabling a conversation about potential data exposure at the executive level in the context of the business.

IBM Data Security Services Can Help Make Data Risk Manager Work for You

IBM Data Security Services offer delivery expertise to integrate Data Risk Manager with your existing technologies, using proven methodology and aligning with your business processes. Capturing the business context of your specific organization, our security specialists can help you build a bridge between security and the C-suite.

Register for the Dec. 6 Webinar: Do you speak risk? Bring Data Security to the C-Suite

 |  |  |  | 
Laurène Hummer
Offering Manager for IAM Services, IBM Security

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature