data security management working

Author: Neil, Practice Lead  
Last updated: August 7, 2017

‘Security is a process. Not a product.’ – Bruce Schneier

Security concerns remain at the heart of IT department discussion.

However, with the right approach, these conversations can move beyond reactive damage limitation and move towards a holistic view of security that embraces prevention, detection, people and technology.

In cloud computing, the three main security threats facing CIOs are:

  • Poor integration of emerging technology
  • Malicious or unintentional insider activity, including shadow IT
  • Issues with data governance and regulatory compliance

 As such, a joined-up approach to data security management can address these issues:

3 ways to ensure Secure Data Management

1. Trust but Verify

Firstly: cloud security is a two-way street.

Companies should be able to hold service providers accountable for breaches in their infrastructure. Any cloud Service Level Agreement (SLA) should reflect this.

As cloud computing evolves, there’s a risk of disparate security standards.

‘Sophisticated providers will understand the data security requirements in the customer’s industry and have independent audits conducted that confirm the environment is secure’, says Jessica Franken, an experienced technology transactions lawyer at Quarles & Brady.

If you can’t agree upon a set standard of data governance with your cloud service provider, consider looking elsewhere.

2. Manage People, Roles and Identities

People management is just as important as application control.

Thus, knowing who has access to your data at any given time can help you create stronger governance policies, thus creating better data security management.

Companies that understand the importance of identity access management experience fewer insider threats. While a level of trust is always necessary, accountability and privileged access management can prevent the mishandling of sensitive data and improve compliance.

Gartner analyst, Brian Iverson, suggests ‘if you are forced to focus on ROI to justify IAM investments, then your organisation is not ready to take IAM seriously.’

In addition, you have matter dealing with the more common issue of ransomware. While this topic has been prevalent for a while, the recent NHS meldtown’ has very much increased the spotlight on the subject.

From an initial Google Trends for ‘what is ransomware’, the results show an enormous spike:

ransomware google stats

This has meant that in addition to governing policies, organisations are now scrambling to find the best enterprise-grade data security.

In view of this current state of instability, we hope this ransomware infographic helps to articulate the current issues:

data security management that focuses on ransomware infographic

Ransomware Infographic data source >

3. Protect at a Data Level: a Secure Data Management Perspective

Finally, perimeter defences are becoming difficult to sustain. With remote working, BYOD and VPN causing network borders to stretch, firewalls are no longer an adequate last line of defence.

So, take measures to secure your most sensitive data at a more granular level.

Encryption is key, whether it’s data at rest in your datacentre, in-transit or sitting on an end user’s laptop.

‘The key to a good encryption strategy is using strong encryption and proper key management. Encrypt sensitive data before it is shared over untrusted networks’, says Chuck Davis, Executive Security Architect at IBM.

See the Wood, not the Trees

Don’t let security fears hold you back from your digital transformation.

Implementing company-wide governance policies and tracking data access across the board isn’t easy. But, when it’s built in from the start, security is not a blocker or a burden on IT change management, it’s an enabler.

So, to clarify…

3 Data Security Tips

  1. Trust but verify
  2. Manage people, roles and identities
  3. Protect at a data level: data security perspective

Well, that’s our summary, make sure to let us know your thoughts on data security management below. However, should you wish to learn more, download this guide on benchmarking your workspace  ⇓

Topics: Security, Workspace, Data security

KNOWLEDGE IS POWERGet weekly email insights from RedPixie

IT Partner Success Choose correctly and boost your value by 56% →
surface banner.jpg