Regardless of what business you are in, a data security breach is an increasingly likely scenario that all businesses must mitigate. With escalating cybercrime, the widespread growth in Cloud computing, and the explosion in mobile devices and varying tech and app use amongst employees and partners, key aspects of enterprise security are beyond our control.
Gartner forecasts that security and risk management spending worldwide will grow 12.4% to reach $150.4 billion in 2021. Even with that investment, the number of data breaches is increasing.
The pervasiveness of data and the complexity of the underlying environment continues to increase by orders of magnitude. It means that increased vulnerability around sensitive data is here to stay for all businesses. But for CISOs, is it merely a question of continually bolstering an organization’s core defenses—the systems, applications, devices and networks that enclose data?
There is more apps, more data, more networks, and more logins than ever before. It means that sensitive data may be at risk out of sight and beyond the reach of security teams. Gaps in security policy and process will always exist. Having a policy of ‘building walls’ with strong perimeter-based security, authentication, encryption and more will sometimes fail.
The Four Key Gaps In Information Security Architecture
There are four key gaps in information security architecture that revolve around employee and external partner behaviors. They can only be remedied with data-centric security practice (and by engendering a solid security culture within the business). For CISOs these pain points pose serious risks in terms of maintaining compliance. They can also create a reactionary environment of playing continual catch-up.
The Behavior Gap
Usability poses a major challenge to CISOs. People simply want to find the fastest, most convenient way of doing something. In fact, human error is still the number 1 cause of data breaches in 2021. Sensitive files will be added to USBs or data copied to unsecured documents, secure FTP servers may be bypassed, and people may not always adopt the security processes in place.
The Visibility Gap:
Sensitive data travels. Average employees send emails in their tens of thousands per year and many receive files they were not meant to see. IT Governance lists a staggering number of serious enterprise data breaches in March 2021 alone.
Who accesses data once it’s shared beyond a business’s devices, networks, and applications and how it is used? All this is beyond your control and lies outside of your monitoring, auditing, and tracking technologies.
Where files and data are shared outside your organization, the nature of the information within them cannot be tracked or audited once it leaves your server.
The Control Gap:
Lost files or leaked information can go beyond an organizations control. Identity and Access Management, Mobile Device Management and Data Loss Prevention (DLP) systems, all help to monitor and control employee access to data. But data that leaves the systems and networks within your sphere of influence is effectively out of your control.
Lost or leaked information can bear serious consequences. There is no way to shut down the information once leaked. Importantly, all potential violations must be reported with implications around compliance.
The Response Time Gap:
There is a time lag between uptake of a new application or behavior and the ability of CISOs to understand and respond. It’s what puts security teams into reactionary mode. It can take weeks or months to identify, during which time you don’t know what’s happening with sensitive information.
Technology changes quickly and in many organizations employees bring their own devices, applications, and expectations of how to work. Departments purchase applications and devices, which in turn generate more sensitive, proprietary information.
In the rush to get business done, security is often left to play catch-up. It means security breaches may be the unintended consequences of this gap.
Security needs to operate at the speed of business, with the flexibility to adapt to the unknown. Your Response Time Gap may be measured in days, weeks, months, or quarters. The longer it is, the greater the risk of people taking measures into their own hands, or of sensitive data going untracked into new applications.
Closing the Data Security Gap with Data-Centric Security Strategies
Collaboration, innovation, partnerships, and business development are the behaviors that drive business growth. They are all are dependent on trusted exchanges of vital information.
When these new unforeseen breaches take place, CISOs must respond. They need to evolve from infrastructure-centric security measures with multiple layers of defense, to data-centric approaches that protect what really matters: the data itself.
Data Loss Prevention (DLP) solutions, data encryption solutions and Digital Rights Management (DRM) tools often take a limited view of the data to be protected. While they monitor files on a server or emails leaving the network, they still depend on the idea of walls—systems, devices or networks that enclose data.
Businesses need to be able to guarantee file-level security. It allows them to secure, track and share any kind of data, no matter where it’s stored or located. They can deliver robust policy enforcement, strong encryption, and strict access controls. Data-centric security solutions also enable employees to collaborate freely while ensuring a high level of security and visibility. It also allows them to revoke access to sensitive data that has been shared by email mistakenly. Further, by adding a cloud-based tether, access to data can be managed with access rights and the data decrypted if the person is approved.
Data is the lifeblood of business. By locking it down too tightly, business slows down and potentially diminishes its value. CISOs should adopt a data-centric security solution that secures sensitive data through its entire life cycle; everywhere it travels, no matter who has it or where it’s stored. By adding in this additional layer of security, data is protected in motion, in use, or at rest, inside or outside the organization.
Titus is synonymous with world-class data classification and our solutions are key components of HelpSystems’ robust data security portfolio.
Titus solutions are trusted by millions of users in over 120 countries around the world, including top military, government and Fortune 100 organizations. With the addition of data identification and advanced machine learning technologies, Titus has evolved into a global leader in enterprise-grade data protection solutions.
