(c)iStock.com/Matej Moderc
Data today is moving and multiplying at pace across boundaries, platforms and applications. With the growth in cloud adoption, social media and mobility, information very rarely stays within the secure parameters of the enterprise anymore.
More and more businesses are looking to reap the benefits of the cloud. A recent study from the Economist Intelligence Unit found that the most mature enterprises are now looking to cloud strategies in order to expand sales channels. IDC also forecasts that total spending on cloud IT infrastructure will reach $53.1 billion by 2019, accounting for 46 per cent of the total enterprise IT infrastructure spend. However, with more critical data than ever before now residing outside of the corporate perimeter, the task of locating, securing and controlling this data will continue to be a challenge for organisations. The traditional fortress-building strategies that businesses have used to de-risk company data are no longer the viable option they once were.
A data-centric approach
The ability to roll out and maintain an effective data regulation strategy begins with an organisation’s ability to identify sensitive data at the source, wherever that may be. In today’s digital era it is essential that IT security professionals can visualise where their sensitive or confidential data resides. This involved putting strong data governance practices in place, which ensure the delivery of trusted, secured data.
Organisations also need to make it their business to understand the risks that are posed to their data, staying up to date with the constantly evolving threat landscape. Only once this is done, can the right security measures be applied to that information, ensuring it is safe. This is a big shift in security posture and is essential for future data strategies, but in light of a threat landscape that is rife with skilled and vigilant cybercriminals, businesses need to make sure that they are equipped to fundamentally re-architect security approaches to be data-centric. Security has to travel with the data, no matter where it goes. For IT professionals this means adopting an approach that focuses on managing and securing all end users and tying them to the data they create. By identifying and analysing sensitive data, such an approach can then be applied to help thwart data theft, whether it’s from internal or external sources.
The key to making this happen is helping business users easily integrate, consume and analyse all types of data. From there, the organisation can understand where applications create sensitive information in databases and how the information is proliferated to other data stores for use by line-of-business applications, cloud services and mobile applications.
The age of compliance
The recent introduction of EU data protection regulations has once again hammered home the need for organisations to ensure compliance with data regulations. Failing to manage and protect sensitive information can result in hefty fines of up to 4 per cent of global revenues, a sum that could jeopardise business viability. Of course, financial penalties are just one element of non-compliance. Another powerful incentive for businesses to adequately protect their data assets comes from the risk that data breaches pose for customer trust and corporate reputation.
No company wants to be known for their failure to protect confidential information. There is a growing list of organisations with first hand experience of the impact that a breach can have on brand equity. Consumers’ loss of confidence in business services can take a long time to repair. In fact, the latest research from Informatica into the State of the Data Nation reveals that security fears stop half of UK consumers sharing personal data with brands and businesses alike. What’s more, over half are reclaiming access and plan to share less data over the next three years, while a third claim nothing could incentivise them to share data at all.
There’s no doubt that effective data security comes at a cost, but by implementing the correct tools and adapting data postures, data security needn’t be the burden that companies seem to fear. When implemented effectively, a solid data strategy can provide the protection that all corporate assets require to master data protection and breach resiliency.