‘Security is a process. Not a product.’ – Bruce Schneier
Security concerns remain at the heart of IT department discussion.
However, with the right approach, these conversations can move beyond reactive damage limitation towards a holistic view of security that embraces prevention, detection, people and technology.
- Poor integration of emerging technology
- Malicious or unintentional insider activity, including shadow IT
- Issues with data governance and regulatory compliance
As such, a joined-up approach to data security management can address these issues:
3 ways to ensure secure data management
1. Trust but verify
Firstly: cloud security is a two-way street.
Companies should be able to hold service providers accountable for breaches in their infrastructure. Any cloud Service Level Agreement (SLA) should reflect this.
As cloud computing evolves, there’s a risk of disparate security standards.
‘Sophisticated providers will understand the data security requirements in the customer’s industry and have independent audits conducted that confirm the environment is secure’, says Jessica Franken, an experienced technology transactions lawyer at Quarles & Brady.
If you can’t agree upon a set standard of data governance with your cloud service provider, consider looking elsewhere.
2. Manage people, roles and identities
People management is just as important as application control.
Knowing who has access to your data at any given time helps you create stronger governance policies and, in turn, better data security management.
Companies that understand the importance of identity access management experience fewer insider threats. While a level of trust is always necessary, accountability and privileged access management can prevent the mishandling of sensitive data and improve compliance.
Gartner analyst Brian Iverson suggests ‘if you are forced to focus on ROI to justify IAM investments, then your organisation is not ready to take IAM seriously.’
In addition, there is the matter of dealing with the more common issue of ransomware. While this topic has been prevalent for a while, the recent NHS ‘meltdown’ has very much increased the spotlight on the subject.
An initial Google Trends search for ‘what is ransomware’ shows an enormous spike:
This has meant that in addition to governing policies, organisations are now scrambling to find the best enterprise-grade data security.
In view of this current state of instability, we hope this ransomware infographic helps to articulate the current issues:
3. Protect at a data level: a secure data management perspective
Finally, perimeter defences are becoming difficult to sustain. With remote working, BYOD and VPN causing network borders to stretch, firewalls are no longer an adequate last line of defence.
So, take measures to secure your most sensitive data at a more granular level.
Encryption is key, whether it’s data at rest in your datacentre, in-transit or sitting on an end user’s laptop.
‘The key to a good encryption strategy is using strong encryption and proper key management. Encrypt sensitive data before it is shared over untrusted networks’, says Chuck Davis, Executive Security Architect at IBM.
See the wood, not the trees
Don’t let security fears hold you back from your digital transformation.
Implementing company-wide governance policies and tracking data access across the board isn’t easy. But when it’s built in from the start, security is not a blocker or a burden on IT change management; it’s an enabler.
So, to clarify…
3 data security tips
- Trust but verify
- Manage people, roles and identities
- Protect at a data level: data security perspective
This post was originally posted April 6, 2017. However, it has been updated with more relevant data.
Written by Neil Allgood, Practice Lead, RedPixie