Data provides businesses the edge they need to unlock their full potential. In turn, employees seek access to data to drive better customer outcomes, become more efficient and increase profits. As these demands for access increase, so too does the need for matching data security controls.

It is a strategic imperative for modern businesses to migrate to the cloud to unlock their full potential — to increase their edge, keep costs down and scale. As a result, IT infrastructure is changing at a rapid pace. Data that was once shielded is now subject to a fading perimeter, making the protection of data in the cloud a vital concern.

It’s a sad truth that the changes that come with this growth are so drastic that older methods for securing data cannot be employed. Without adapting to this change, entities will not be able to discover and respond to threats before they disrupt the business.

So, what can be done? Recently, I guided a discussion between three experts from IBM Security on how to modernize your security operations center (SOC). Their advice highlighted three areas where SOCs can optimize by meshing different elements of data security: through people, processes and technology.

Unite Data Security and SOC Teams

For businesses, their customers and partners to work together safely, a foundation must be laid regarding the right levels of data access. Breaking down barriers between the SOC team and data security experts is key.

With data moving all across the different teams, there should be “a common control plan between data security and the SOC so that they fundamentally can really work as one team and share insights,” says Chris Meenan, director of threat management offering management and strategy at IBM Security.

The SOC needs real-time insight into data, including keeping track of who should have access to it and detecting strange behavior in the landscape. Without the barrier of silos, the data security team can take action quickly when the SOC detects threats.

Breaking down silos between data and security can start with a shared belief in the outcomes of the group.

“It’s easy to get lost in the day-to-day of making sure that the systems are up and running,” says Reed Shea, program director, data security offering management at IBM Security.

Instead, you should focus on common concerns that a database admin and SOC analyst might share: the confidentiality, integrity and availability of your system; regulatory constraints and proactive compliance; and making sure the right people have access to the right data. Database admins may not be sure how to rank these items when working with their colleagues in the SOC. Shea offers advice on how to turn that data into action. Elevating it into intelligence with enough context helps the SOC team take the next steps.

Bring Together Key Business Stakeholders

It’s also critical to work with the right stakeholders across the business to determine which data must be crunched.

When it comes to log sources, “you don’t want to grab everything,” says Matt Shriner, global security intelligence and operations consulting partner for IBM Security Services. “You want to grab the right things, and you do that by working with the key stakeholders.” In other words, you want to pull in the log sources that will help you achieve the right use cases that align to business priorities.

The SOC manager and chief information security officer can work with the chief risk officer, chief information officer and chief financial officer to gain a top-down view of the most important cyber risks to the business. Involving all critical stakeholders helps create a list of use cases, ranked by importance, that serve as inputs to the required security architecture.

By “monitoring for exactly what matters most to your business from day one,” Shriner says, the time to return on investment is much faster.

Know Compliance Standards and Industry Frameworks

Knowing where your data resides is critical. This is more true than ever in light of government regulations, which in turn impact incident response. Giving the SOC the facts around breach response needs and laws helps ensure they can follow the right processes in the event of a data breach. Threat actors are moving fast, so responders working on critical incidents need to move even faster.

A framework outlining a top-down approach to use cases can also help SOCs establish processes. Creating a SOC best practices blueprint or target operating model is a starting point for knowing your risk. The National Institute of Standards and Technology (NIST) offers one of the most commonly adopted industry frameworks.

Leverage the Right Tools, Not More Tools for Data Security

In addition to the challenges above, knowing which tools to use is also key. As IT’s domain becomes more dispersed and varied, more systems are being introduced to SOCs. With more tools come more data silos with separate workflows. Maintaining all these controls is a substantial and costly task for teams who are already overwhelmed with raw readings from a whole host of endpoints.

Instead of making SOC workers’ lives more complex, there are ways tools can connect systems and simplify data. For instance, a federated data security architecture can help the SOC get an end-to-end view of what’s happening in the landscape. When the SOC team is able to access a common control pane and conduct federated searches, they can see data without having to spend time logging into multiple tools. Building orchestration and automation on top of federated data access means analysts can focus on a streamlined workflow, obtain the practical insights they need and quickly execute across a multicloud architecture.

Focus on People

Folding data defense into all the areas of a SOC ties back to return on investment for a business. But it’s also about people. Breaking down silos between teams and providing the SOC support in the face of rules and too many tools can change the way people work and respond to incidents.

By going back to the beginning of the people, process and tech loop, we can see tools must serve people, not the other way around. Adding automation is one way to make this happen. It can level up work, organize alerts and provide user behavior analytics to offer SOC teams the insight they need into data without being overwhelmed.

Not only that, but it affects people’s lives.

“It’s really important, of course, to ensure that your business can continue to be effective and to compete in the marketplace,” Shea says. But as an example: “Appropriate security and data security has ramifications to [things like] patient health.”

Data Security Across Teams, Tools and Workflows

To keep up with the threat landscape, SOCs need to focus on always improving and evolving their tactics, including their approach to data defense. Including the right people, refining tactics and using the right tools create chances to define use cases as you go and monitor the data that matters for your business.

Find “the right content, the right alerts, rules and dashboards that give you value from day one,” Shriner advised.

For a modern SOC — in terms of the enterprise, the people working there and the customers or patients whose personally identifiable information is in question — data access and speed to recovery are of the essence.

For more on how your SOC can modernize its approach to data and other crucial security operations, watch the full conversation with experts from IBM Security.
