Let’s say you’re planning a train robbery in the Old West. Your posse can jump on board at the station, on the route or at the last stop. The same is true of today’s data robbers. There are three main states in which data exists across an enterprise: at rest, in motion and in use. As defenders, we need to ensure data security from creation to disposal and everything in between.
While most of us know how to protect data at rest (i.e., inactive data in storage, such as in databases), the other two states require more complex strategies. Let’s take a look at how to provide data security along the whole journey.
Tension Between Data Security and Governance
Organizations collect a tremendous amount of data from a lot of sources. Any of these sources might contain sensitive data. We often relocate data for warehousing, reporting, analytics, storage, testing and application use. Therefore, that data or artificial intelligence (AI) models might be copied multiple times, resulting in misuse. Gartner estimates that backup and archiving of personal data represents the largest area of privacy risk for 70% of businesses, up from 10% in 2018.
The rise of newer platforms, such as cloud and data lakes, can make the issue even worse. Organizations often feel a natural tension between data governance, data security and innovation. A well-governed, secure environment can spur innovation and make people more productive.
Learn about IBM Security Guardium Insights
Data Security in Motion: Leaving the Station
The first data ‘location’ we need to worry about is when the data is in motion. When data is in motion, it travels within or between information systems. Using the cloud, big data tech and disparate tools from multiple vendors can all make this step more complex.
Data in motion is at risk from ransomware attacks and data breaches. Most likely, you’re already using encryption in this stage to help make sure they can’t use that data if someone steals it. Think of encryption as the first and last line of defense.
You can take several steps to protect data in motion. A good place to start is knowing what data you need to protect and where it is located. Customer and financial data are obvious choices for encryption, but many companies fail to realize that even older, seemingly less important data can contain sensitive information. This is partly because what constitutes personally identifiable information (PII) has broadened a lot in the last decade.
Controlling and monitoring data access and activity is an important part of any data security strategy. Find out more about how to balance data security with frictionless access to data.
Data in Use: The Journey and the Arrival
In our train metaphor, data is in use when it arrives at the station. Data is in use when applications process it, when it’s transformed or changed and when enterprise users view it. The primary goal in governing data in use is to minimize the likelihood of data misuse across the enterprise.
More and more departments may express the need to manage and access data. So, leaders need to focus on streamlining data operations to be more efficient and improving data quality, findability and governance. That allows them to provide an efficient, self-service data pipeline to the right people at the right time from any source.
At the heart of a strategy for data in motion often lies a data catalog. The tool creates and automates policies for enterprise-wide categorizing and classifying all company data, no matter where it resides. This means the right data security measures are in place while data remains at rest. Other defenses might be triggered when people access, use or transfer sensitive data. The modern data catalog should also include other functions such as data masking, user-based access controls for discovery and risk assessment of unstructured data.
Learn More About Data Security and Governance
In truth, you aren’t the train robber in this metaphor: you’re the one installing the locks. Data security and governance are your tickets to not only speed up analytical processing and insights but also to meet compliance needs. While the data volumes are extensive, machine learning and AI practices are helping to overcome the limits of human scale with such tasks as data mapping, activity monitoring, cataloging, matching large data volumes and sustaining data quality. Customers can deliver these operations at scale to cover millions of data assets with a unified privacy framework.
Want to learn more? Register for the workshop “Build your Business Case for Data Privacy” here.
Sr. Product Marketing Manager, IBM
Karen Madera is a senior product marketing manager for IBM Cloud Pak for Data, specializing in data cataloging, governance, and AI. Her background spans a va...