However, with the right approach, these conversations can move beyond reactive damage limitation and move towards a holistic view of security that embraces prevention, detection, people and technology.
‘Sophisticated providers will understand the data security requirements in the customer’s industry and have independent audits conducted that confirm the environment is secure’, says Jessica Franken, an experienced technology transactions lawyer at Quarles & Brady.
If you can’t agree upon a set standard of data governance with your cloud service provider, consider looking elsewhere.
2. Manage People, Roles and Identities
People management is just as important as application control.
Thus, knowing who has access to your data at any given time can help you create stronger governance policies, thus creating better data security management.
Gartner analyst, Brian Iverson, suggests ‘if you are forced to focus on ROI to justify IAM investments, then your organisation is not ready to take IAM seriously.’
In addition, you have matter dealing with the more common issue of ransomware. While this topic has been prevalent for a while, the recent NHS‘meldtown’ has very much increased the spotlight on the subject.
From an initial Google Trends for ‘what is ransomware’, the results show an enormous spike:
This has meant that in addition to governing policies, organisations are now scrambling to find the best enterprise-grade data security.
In view of this current state of instability, we hope this ransomware infographic helps to articulate the current issues:
3. Protect at a Data Level: a Secure Data Management Perspective
Finally, perimeter defences are becoming difficult to sustain. With remote working, BYOD and VPN causing network borders to stretch, firewalls are no longer an adequate last line of defence.
So, take measures to secure your most sensitive data at a more granular level.
Encryption is key, whether it’s data at rest in your datacentre, in-transit or sitting on an end user’s laptop.
‘The key to a good encryption strategy is using strong encryption and proper key management. Encrypt sensitive data before it is shared over untrusted networks’, says Chuck Davis, Executive Security Architect at IBM.
Implementing company-wide governance policies and tracking data access across the board isn’t easy. But, when it’s built in from the start, security is not a blocker or a burden on IT change management, it’s an enabler.
So, to clarify…
3 Data Security Tips
Trust but verify
Manage people, roles and identities
Protect at a data level: data security perspective
Well, that’s our summary, make sure to let us know your thoughts on data security management below. However, should you wish to learn more, download this guide on benchmarking your workspace ⇓