In light of recent news-making breaches, we can see there really is no industry immune from data breaches. While I do not want to be doom-and-gloom, manufacturing, consulting, entertainment, retail, consumer goods, hospitality, transportation – these sectors together make up 47% of all data breaches. In fact, consulting and other services made up 14% of all breaches, second only to finance. Yet organizations in these less-regulated industries are often not investing as heavily in data security as their peers.

The reason why organizations that aren’t heavily regulated dismiss heavy data security-specific investments may seem obvious. Less regulation and less sensitive data mean less of a need for robust controls. But this is not always the case. Often decision-makers are concerned over the cost, resources and essentially the heft of typical data security solutions in proportion to the problems in need of solving. Many leaders outside of highly regulated segments elect to implement low-visibility native logging tools, or worse, the ‘do-nothing’ approach.

Counter to this mindset, let’s look at how a modern data security solution can support growing hybrid multicloud environments, meet compliance standards and not eat up too many resources in the process.

Read the report

Modern Architecture: Building Better Data Security

If you’re familiar with modernist architect Mies van der Rohe, you’re familiar with his love of idioms and expressions. In particular, while now cliché, van der Rohe popularized and largely embodied the phrase ‘less is more.’

That is how businesses should approach modern data security as well. In keeping with Design Thinking principles, all products and solutions should be built to reflect the needs of the customer, rather than the whims of the designer. Customers often need flexible deployment and adaptive scaling.

Containerized deployment often brings flexibility. Why is this useful? Well, let’s take a retail group as an example. They want to keep up with consumer demand for convenience and delightful visits. So, they work on new in-store displays and online commerce platforms. Let’s say that this company has a modern data security solution deployed in their current cloud database for compliance and risk analysis. Suddenly, they remove this database in favor of a new public cloud provider. If this was a legacy data security solution, there may be concerns around how to redeploy and whether it’s compatible with what the store needs. With open-source, containerized architecture, these concerns are minimized. Then, the company can quickly evolve without worrying about whether data security controls can adapt.

Register for on demand webinar

Adapting to a Flood of Data

Speaking of adapting, let’s talk about adaptive scaling. Across industrial sectors, we’re seeing an explosion of data. IoT devices and sensors, serverless apps running in public cloud environments and other elements of Industry 4.0 contribute to this data sprawl. Retail and consumer goods businesses store and analyze transaction and customer data to deliver good service. However, this also delivers an enormous wealth of personal information. In telecom and other information sector groups, 5G network speeds collect and transport customer data faster than ever before.

Multicloud configurations then store that data across myriad sources. While many of these cloud stores come equipped with native monitoring and logging, this leaves data security and governance fragmented. Legacy tools aimed at bringing the data estate together often fall short. They may only support a handful of data sources and not keep pace as new ones emerge.

Lightweight, open-source technology strikes again. Vendors with modern architecture in mind are developing solutions that can natively support major cloud data sources and more. They also come equipped with simple, yet powerful tools to allow security teams to quickly spin up their own connections to unsupported sources. They can stream critical audit and compliance data into a central console to unify and keep pace with multicloud growth.

Don’t Fear the Robots

Full disclosure, in this section you may find yourself saying “Ryan, this is common sense.” However, it’s worth noting that regulations affect everyone. If you have customer information and operate in multiple countries, there’s a good chance you’re setting up your data security tools according to the EU’s General Data Protection Regulation and California Consumer Privacy Act, among other laws.

Say you work for a business-to-business group and don’t directly hold any personally identifiable information. Your customers may need to comply with these laws. So, you often need to prove that you comply as well.

Further, and possibly most important, 92% of consumers expect organizations to be proactive about data protection. Even in an industry not normally affected by these laws, consumer sentiment is trending towards better data protection and privacy. Internal compliance standards should now be equal to those created by the various legislative bodies.

Proving you’re working according to the rules, though, can be a painstaking process. Your data security and data governance might be fragmented across a wide data environment. It can also be difficult if you expect workers to do compliance and audit workflows by hand.

Sure, you probably aren’t using pen and paper to conduct these checks. But without automation, people are still spending time on manual compliance tasks. They could spend that time better hunting for and fixing data threats. Not to mention, manual compliance means more room for human error.

Now, automation should not, and often does not, completely remove humans from the equation. After all, as the quote goes “Computers are incredibly fast, accurate and stupid. Human beings are incredibly slow, inaccurate and brilliant.” A modern data security solution should offer custom compliance policy creation and automation of workflows and notifications. However, it’s still incumbent on the data security team to keep the policies aligned with business and security goals — and to address notifications and alerts as they arise. But with the tools to monitor your data on an ongoing basis, you can preserve data compliance and privacy with less effort.

Keeping the Data Engine Running

Look, I said it at the beginning. I’m not here to be a doomsayer.

But again, as an example, consumer goods and retail saw data breach costs increase by $1.11 million and $1.26 million, respectively, from 2020 to 2021. So, even if the data governance and security goals in firms outside of highly regulated industries, such as finance and health care, are centered around being flexible and compliant, threat defense still needs to be key.

Any modern data security solution worth its salt should be powered by AI. It is one thing to spot a problem, but it is another to use machine learning to uncover odd privileged user behavior across multiple data sources, find the user behind the privileged credentials, score the risk based on its potential impact on the enterprise and share this contextual data across the SIEM, with the SOC team, in ticketing platforms and in other critical tools.

What this does is up-level data security, making it everyone’s business. Raw logs sent to the SOC team don’t really help anyone. If anything, they contribute to alert fatigue, which contributes to attrition. That, in turn, kicks off the difficult process of finding new cybersecurity experts. With the skills gap still a burden on the industry, it can be difficult to find those new resources quickly.

But maybe you’re in an industry that doesn’t really require you to have a SOC or to purchase a SIEM. Even so, being able to not only discover but better understand threats to your data can stop breaches faster. And isn’t that the goal, after all?

IBM Security Guardium Insights

IBM Security is committed to helping its customers advance data privacy and compliance goals and modernize data security. With IBM Security Guardium Insights, adapt and scale with a growing cloud environment, reduce time to compliance and understand risky behaviors and anomalies spanning disparate data sources. By merit of its Red Hat OpenShift and containerized architecture, Guardium Insights can flexibly deploy wherever and however your organization needs.

Learn more about how IBM Security Guardium helps organizations meet compliance regulations and provide protection throughout the data security lifecycle.

More from Intelligence & Analytics

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…