If you are like most security leaders responsible for protecting your company’s crown jewels, you’ve certainly asked: Can malicious insiders access my organization’s sensitive and mission-critical data? Indeed, it’s a good question to ask, because there may be unseen torpedoes in motion that can sink your efforts to curtail this volatile behavior.
Too few organizations can fully visualize and understand what’s happening to sensitive and regulated data. Being able to accomplish these goals and protect the data powering your business is more important than it has ever been. With the data security market currently in flux — as niche players seek to merge with other players simply to survive in the face of increasingly rigorous client requirements, complex cloud migrations and a growing list of data privacy and cybersecurity compliance requirements — it can be difficult to objectively compare and contrast leading vendors.
This has the unintended impact of complicating an organization’s ability to develop a balanced and complete data security program. Building such a program is more important than ever. Why? Primarily, the goal is to avoid a breach, but equally important is the ability to fully meet data privacy and compliance requirements, avoiding fines and loss of customer trust. Some vendors tell organizations that a one-size-fits-all approach to data privacy and compliance is ‘good enough’ to accomplish these goals — and that they can still manage to increase a client’s return on investment (ROI).
Data Breach Facts
Let’s unpack the facts. Data security breaches are more frequent and more expensive than in the past. The latest research shows that the global average total cost of a data breach is now $3.86 million. Even more pressing, the average cost of a data breach related to an insider is now $11.45 million, and insider threat issues are present in 50% of breaches. As the data demonstrates, insider threat-related breaches can be more costly. Why is this? With their credentials, insiders — or those posing as insiders — have more access to sensitive and regulated data and therefore are able to do more damage.
These realities mean that single-niche vendors, with their siloed and narrow scope, are less capable of addressing complex modern data security, data privacy and cybersecurity compliance requirements. Knowing this might explain why a startup attempting to pioneer agentless data security — which can’t support real-time use cases — decided to merge with an organization that provides technology that’s traditional and IT centric. It’s unclear how these vastly different architectures might fit together. As such, this vendor combination may create issues for clients’ efforts to deploy a robust, flexible and modern data security and compliance program through multiple legacy architectures.
To help you traverse this new and potentially confusing landscape, make sure you can achieve the best practices laid out below — and can comfortably answer the following questions about your data security solution — to confidently meet your organization’s specific data security and protection use cases.
1. Spot, Stop and Defend
Can your data security solution support real-time data activity monitoring? Can it leverage advanced analytics and behavioral analysis to spot and stop an insider breach or application hijack against mission-critical data?
Things to consider: The passive data collection methods of the agentless approach provide only limited, after-the-fact support for compliance. This data collection technique may be appropriate to support auditing for data sources without mission-critical data, but it’s not enough to support compliance or security use cases for mission-critical or regulated data. For this sensitive use case, it is also imperative for data security specialists to leverage easy-to-understand analytics that can help identify user behavioral anomalies and trends.
The startup vendor mentioned above has been positioning agentless data collection as the right answer for all use cases. This acquisition could signal a change in direction and strategy that may give pause to clients using only agentless data security. Both agent-based and agentless data collection are necessary for a complete data security program.
2. Reduce the Burden
How many steps do you have to take to connect to a remediation platform and open a ticket, integrate with a third-party application or create a report? It’s also worth taking into account whether your team needs any special skills to do these things.
Things to consider: Organizations generally have less budget and fewer resources to deploy across different initiatives. It’s important to invest in a solution that’s easy to use and that requires fewer specialized skills to use and maintain. For example, you shouldn’t need deep structured query language (SQL) skills just to run a report. It is nonsensical to have to go out to a command line and follow a bunch of steps just to open a ticket. This is what certain vendors expect from their clients’ data security specialists. It is difficult to imagine an organization that wants to require this level of skill, when the specialist’s attention should be focused on high-impact data security issues and quickly pulling and sharing reports. Ask yourself: Could my team quickly create a custom report on their own using this technology?
3. Modernize to Reduce Total Cost of Ownership (TCO)
Business pressures have changed, and organizations are pressing IT teams to start moving infrastructure to the cloud while supporting hybrid environments. To meet these demands while protecting current investments, businesses are looking to modernization to help reduce overall costs and to make it easier to maintain their data security solutions.
Things to consider: Architectural modernization brings with it some built-in benefits that make it easier to use and maintain solutions. Organizations should be able to deploy solutions on-premises today, then shift to public or private clouds when needed. Modernization also can provide benefits such as autoscaling, native disaster recovery, low latency with high performance, in-place upgrades and multi-tenancy for a better overall experience and reduced TCO. There are few vendors who can currently deliver this modern approach. Other vendors are resting on relative strength in supporting multiple legacy architectures, which can result in slowing down a client’s cloud migration.
4. Gather and Go
Do your teams have to manually normalize the audit data that’s being collected, and then update the work they’ve done every time a new data source version is released? How frequently does this rework need to be done?
Things to consider: Data security specialists should be able to readily use monitoring and audit data in their data security solution. This is only possible when the solution automatically normalizes data for consumption (e.g., for reporting and analytics). This rapid access supports audit requirements and security use cases without having to spend the extra time and unnecessary expense to make that data usable.
5. Break Down Silos
To be effective in this age of ever-more-distributed data and rising threats, data security can no longer exist in a silo. Data security capabilities must be automated and orchestrated to work as part of the bigger security ecosystem and to help security teams collaborate. Basic integration is no longer sufficient to support the broader data security ecosystem and the sheer number of different data sources and data security tools that organizations are trying to tie together and leverage.
Things to consider: Without the ability to support automation, orchestration and collaboration, teams end up working in silos across different data security tools, which drives up costs, slows down data security and protection activities and stalls time to value.
Looking across these five best practices, there is one vendor uniquely positioned to help your organization execute. There is one data security vendor with a vision that is centered around our client requirements — around modernization and around depth and breadth of capabilities — and that has been consistently market-leading along the way.
Don’t be torpedoed by vendors who opportunistically change their strategy to fit their technology. Go with a thought leader and visionary. Hear from our customers — and see how they’re deriving significant value from their data security investments.
Program Director, IBM Security
Leslie Wiggins is a Program Director leading the IBM Data Security Product Management team within the IBM Security business unit. Leslie and her team are res...