Data-centric security must be embedded across hybrid IT, so that risk to sensitive data is reduced and safe migration to cloud environments is accelerated.
By Charl Behrens, Principal technical consultant (security), iOCO Application Management.
A holistic view of data privacy and protection will take data security into the picture. It’s important to understand that protection and privacy begins with data discovery − to achieve this, a company needs to know its data, protect what matters most to the organisation and safely use data.
Modern data discovery platforms use artificial intelligence to quickly identify risk, which in turn provides the insights necessary to act effectively and efficiently. The goal today is the protection of data everywhere, in analytics and applications.
Data security is the process of protecting data from unauthorised access and data corruption throughout its lifecycle. The term encompasses data encryption, hashing, tokenisation and key management practices that protect data across all applications and platforms.
Before throwing your hands in the air at the industry jargon, arm yourself with information that will explain why companies should be investing in data security.
To protect critical assets, organisations around the globe are investing heavily in cyber security. Whether an enterprise needs to protect a brand, intellectual capital, customer information or provide controls for critical infrastructure, the means for incident detection and response to protecting organisational interests have three common elements: people, processes and technology.
Data security is a massive issue today in a world where global data creation is projected to grow to more than 180 zettabytes, through to 2025.
Companies are increasingly pressured to be agile and flexible. Customer service to the highest standard is the name of the game for all businesses and the ability to quickly satisfy consumer expectations is crucial in an unforgiving climate where the power of supplier choice puts the customer in charge.
Most businesses are now using multiple cloud providers, which is complicating efforts to protect sensitive data moving across hybrid IT.
These challenges are also driving cloud adoption for many enterprises due to the increasing cost and complexity of maintaining on-premises data centre hardware and software.
Businesses requiring increased capacity for growth or experiencing seasonal bursts of activity have realised it is more cost-effective to take advantage of elastic cloud capacity when needed, rather than acquiring, managing and maintaining data centre hardware and software.
Enterprise security and risk professionals responding to cloud data security research confirm that more than 40% of their corporate data in the cloud is sensitive in nature and insufficiently secured.
Adding further complexity to the problem, the Ponemon Institute found that, on average, today’s enterprises use 27 different software-as-a-service, infrastructure-as-a-service and platform-as-a-service solutions to run their business.
Traditional security controls embedded throughout existing IT infrastructure are proving increasingly ineffective as data has become more pervasive, mobile and cross-functional.
Most businesses are now using multiple cloud providers, which is, of course, complicating efforts to protect sensitive data moving across hybrid IT.
With the increasing number and complexity of privacy regulations, such as the GDPR and in South Africa, POPIA, there is an upward trend in the number, scope and scale of data breaches. This in turn is driving the need for more effective measures to protect sensitive data wherever it flows, whether on premises, in cloud infrastructure and applications, or on analytics platforms.
The combination of these strong business drivers and ineffective security controls has unfortunately already led to sensitive data being migrated into the cloud ahead of organisational readiness to secure it.
Large-scale data breaches − typically associated with missing, ineffective, or misconfigured cloud-native data security capabilities − are increasing, as are the fines being levied for non-compliance with data privacy regulations.
Businesses must be focused on the protection of sensitive data across multi-cloud, hybrid, and on-premises environments. Data-centric security needs to be embedded across hybrid IT, whereby risk to sensitive data is reduced and safe migration to cloud environments is accelerated.
It is necessary to apply security solutions that enable applications, data and data stores to interoperate with on-premises and in-cloud services − only in this way will end-to-end protection across the data lifecycle be achieved.
First prize is for companies to implement platform-agnostic data-centric security measures that aim to preserve data usability. Deploying solutions that are flexible in implementation and that provide protection for a virtually unlimited number of structured data types in any language, and any region, with proven performance and scalability, is the goal.
Businesses need to be enabled to identify sensitive information in ways that neutralise the effects of a data breach but that also permits continued use of the data in its protected state in applications and on analytics platforms.
It is crucial to maintain the context and meaning of data − such as its referential relationships, logic and business intent − in its protected form, while ensuring the business can minimise decryption requirements.
The preservation of referential integrity also enables protected data to be reliably referenced and joined for cross-cloud analytics, providing key insights through identifiers, such as phone numbers or IDs, common across disparate data sets.
In my next article, I will give a road map to data protection for businesses utilising payment card data on-premises or in the cloud.