Data drives enterprise success. The collection, identification and analysis of big data is critical to inform new strategies and help companies get ahead. As a result, organizations are adopting new collar hiring techniques to find the best and brightest data talent, while emerging tools are helping companies make the most of their massive data stores. As noted by InfoWorld, data lakes are now becoming data warehouses thanks to artificial intelligence (AI)-driven automation.
But in the rush to adopt new technologies and hire new talent, it’s easy for data protection to fall from C-suite priority to enterprise also-ran. So let’s break it down: What is data protection? Why does it matter so much? And how can companies implement protection processes that deliver better defense without derailing business value?
Data protection is the process of securing digital information without limiting the organization’s ability to use this data for business purposes or compromising consumer and end-user privacy.
Protecting data therefore falls into the simple-but-not-easy category of infosec initiatives: IT professionals have no trouble visualizing a secure data landscape, but the increasing complexity and scope of cloud computing deployments, internet of things (IoT) adoption and AI-enabled technologies makes designing a defense road map more difficult than it appears.
In fact, according to “The Fourth Annual Study on The Cyber Resilient Organization,” many companies lack consistent, effective security plans around data protection. Only 23 percent have cybersecurity incident response plans applied consistently across the entire enterprise, and 57 percent reported facing cybersecurity incidents that significantly disrupted IT and business operations in the past two years.
Data is valuable, both to organizations and malicious actors. The massive amount of personal, financial and intellectual data enterprises collect makes a tempting (and lucrative) target for attackers. Data breaches cost companies more than $3.8 million on average, and over the next 24 months, more than one-quarter of businesses will experience a recurring material breach.
As a result, data breaches represent the most immediate need for effective enterprise data defense. Better protection means better compliance and reduced monetary losses, reputational damage and impact to line-of-business operations. Improved security processes are also critical for emerging business priorities, including:
With data defense now in the vanguard of effective enterprise information security, what’s holding companies back? The following four common complexities conspire to limit the effectiveness of data protection:
The first step toward better data protection is encryption. Encrypted data both frustrates attacker efforts and satisfies most regulatory expectations around due diligence. But how much encryption is “enough?” According to Stephanie Balaouras, research director for the security and risk team at Forrester Research, “You can never have too much encryption.”
It’s also critical to adopt a more aggressive approach to data defense and database activity monitoring and alerting. Leslie Wiggins, senior product manager for IBM’s data security portfolio, described it as defending your information “like a guard dog” to account for the rapid growth of mobile and cloud storage.
Finally, you need to locate and prioritize data across the organization. Not everything requires the same level of protection, but it’s essential to discover, define and defend key data sources.
The new data landscape, driven by user privacy requirements, evolving regulations and the need for business-driven identity and access management (IAM) policies, has prompted the development of new standards for critical asset control. To better protect their data, security initiatives must deliver across three key areas:
A full-featured data protection, asset defense and compliance strategy is no longer nice-to-have, but a must-have initiative for organizations of all sizes.
From data breaches to digital transformation and regulatory compliance, data-first defenses are essential to effectively leverage data assets to drive business function, defend user data from unwanted incursions, and satisfy emerging compliance and regulatory requirements.