Let’s say you’re planning a train robbery in the Old West. Your posse can jump on board at the station, on the route or at the last stop. The same is true of today’s data robbers. There are three main states in which data exists across an enterprise: at rest, in motion and in use. As defenders, we need to ensure data security from creation to disposal and everything in between.

While most of us know how to protect data at rest (i.e., inactive data in storage, such as in databases), the other two states require more complex strategies. Let’s take a look at how to provide data security along the whole journey.

Tension Between Data Security and Governance

Organizations collect a tremendous amount of data from a lot of sources. Any of these sources might contain sensitive data. We often relocate data for warehousing, reporting, analytics, storage, testing and application use. Therefore, that data or artificial intelligence (AI) models might be copied multiple times, resulting in misuse. Gartner estimates that backup and archiving of personal data represents the largest area of privacy risk for 70% of businesses, up from 10% in 2018.

The rise of newer platforms, such as cloud and data lakes, can make the issue even worse. Organizations often feel a natural tension between data governance, data security and innovation. A well-governed, secure environment can spur innovation and make people more productive.

Learn about IBM Security Guardium Insights

Data Security in Motion: Leaving the Station

The first data ‘location’ we need to worry about is when the data is in motion. When data is in motion, it travels within or between information systems. Using the cloud, big data tech and disparate tools from multiple vendors can all make this step more complex.

Data in motion is at risk from ransomware attacks and data breaches. Most likely, you’re already using encryption in this stage to help make sure they can’t use that data if someone steals it. Think of encryption as the first and last line of defense.

You can take several steps to protect data in motion. A good place to start is knowing what data you need to protect and where it is located. Customer and financial data are obvious choices for encryption, but many companies fail to realize that even older, seemingly less important data can contain sensitive information. This is partly because what constitutes personally identifiable information (PII) has broadened a lot in the last decade.

Controlling and monitoring data access and activity is an important part of any data security strategy. Find out more about how to balance data security with frictionless access to data.

Data in Use: The Journey and the Arrival

In our train metaphor, data is in use when it arrives at the station. Data is in use when applications process it, when it’s transformed or changed and when enterprise users view it. The primary goal in governing data in use is to minimize the likelihood of data misuse across the enterprise.

More and more departments may express the need to manage and access data. So, leaders need to focus on streamlining data operations to be more efficient and improving data quality, findability and governance. That allows them to provide an efficient, self-service data pipeline to the right people at the right time from any source.

At the heart of a strategy for data in motion often lies a data catalog. The tool creates and automates policies for enterprise-wide categorizing and classifying all company data, no matter where it resides. This means the right data security measures are in place while data remains at rest. Other defenses might be triggered when people access, use or transfer sensitive data. The modern data catalog should also include other functions such as data masking, user-based access controls for discovery and risk assessment of unstructured data.

Learn More About Data Security and Governance

In truth, you aren’t the train robber in this metaphor: you’re the one installing the locks. Data security and governance are your tickets to not only speed up analytical processing and insights but also to meet compliance needs. While the data volumes are extensive, machine learning and AI practices are helping to overcome the limits of human scale with such tasks as data mapping, activity monitoring, cataloging, matching large data volumes and sustaining data quality. Customers can deliver these operations at scale to cover millions of data assets with a unified privacy framework.

Want to learn more? Register for the workshop “Build your Business Case for Data Privacy” here.

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today