Regardless of what business you are in, a data security breach is an increasingly likely scenario that all businesses must mitigate. With escalating cybercrime, the widespread growth in cloud computing, and the explosion in mobile devices and varying tech and app use amongst employees and partners, key aspects of enterprise security are now, and will forever be, beyond our control.
In fact, Gartner has forecasted that security and risk management spending worldwide will grow 12.4% to reach $150.4 billion in 2021. Even with that investment, the number of data breaches is increasing.
pervasiveness of data and the complexity of the underlying environment continues to increase by orders of magnitude, and increased vulnerability around sensitive data is here to stay for all businesses. But for CISOs, is it merely a question of continually bolstering an organization’s core applications, devices and networks that enclose data?
The fact is that with more apps, more data, more networks, and more logins than ever before, sensitive data may be at risk out of sight and beyond the reach of security teams. Gaps in security policy and process will always exist and a policy of ‘building walls’ with strong perimeter-based security, authentication, encryption and more will sometimes fail.
Key Gaps In Information Security Architecture
There are four key gaps in information security architecture that revolve around employee and external partner behaviours, and can only be remedied with data-centric security practice (and by engendering a solid security culture within the business). For CISOs these pain points pose serious risks in terms of maintaining compliance and can create a reactionary environment of playing continual catch-up.
The Behaviour Gap: Usability poses a major challenge to CISOs. People simply want to find the fastest, most convenient way of doing something. In fact, human error is still the number 1 cause of data breaches in 2021. Sensitive files will be added to USBs or data copied to unsecured documents, secure FTP servers may be bypassed, and people may not always adopt the security processes in place.
The Visibility Gap: Sensitive data travels. Average employees send emails in their tens of thousands per year and many receive files they were not meant to see. IT Governance lists a staggering number of serious enterprise data breaches in March 2021 alone.
accesses data once it’s shared beyond a business’s devices, networks, and applications and how it is used is beyond your control and lies outside of your monitoring, auditing, and tracking technologies.
files and data are shared outside your organization, the nature of the information within them cannot be tracked or audited once it leaves your
The Control Gap: Lost files or leaked information can go beyond an organization’s control. Identity and Access Management, Mobile Device Management and Data Loss Prevention (DLP) systems all help to monitor and control employee access to data. But data that leaves the systems and networks within your sphere of influence is effectively out of your control.
Lost or leaked information can bear serious consequences with no way to shut down the information once leaked, and potential violations that must be reported with implications around compliance.
The Response Time Gap: There is a time lag between uptake of a new application or behavior and the ability of CISOs to understand and respond. It’s what puts security teams into reactionary mode and can take weeks or months to identify, during which time you don’t know what’s happening with sensitive information.
quickly and in many organizations employees bring their own devices, applications, and expectations of how to work. Departments purchase applications and devices, which in turn generate more sensitive, proprietary
In the rush to get business done, security is often left to play catch-up and security breaches may be the unintended consequences of this gap.
Security needs to operate at the speed of business, with flexibility to adapt to the unknown. Your Response Time Gap may be measured in days, weeks, months, or quarters. The longer it is, the greater the risk of people taking measures into their own hands, or of sensitive data going untracked into new applications.
the Data Security Gap with Data-Centric Security Strategies
Collaboration, innovation, partnerships, and business development are the behaviours that drive business growth and all are dependent on trusted exchanges of vital information.
When these new unforeseen breaches take place, CISOs must respond by evolving from infrastructure-centric security measures with multiple layers of defence, to data-centric approaches that protect what really matters: the data itself.
Data Loss Prevention (DLP) solutions, data encryption solutions and Digital Rights Management (DRM) tools often take a limited view of the data to be protected, for example files on a server or emails leaving the network, and they still depend on the idea of walls—systems, devices or networks that enclose data.
Businesses need to be able to guarantee file-level security—to secure, track and share any kind of data, no matter where it’s stored or located, with robust policy enforcement, strong encryption, and strict access controls. Data-centric security solutions also enable employees to collaborate freely while ensuring a high level of security and visibility, and even revoke access to sensitive data that has been shared by email mistakenly. Further, by adding a cloud-based tether, access to data can be managed with access rights and the data decrypted if the person is
Data is the lifeblood of business, and locking it down too tightly slows business down and potentially diminishes its value. CISOs should adopt a data-centric security solution that secures sensitive data through its entire life cycle: everywhere it travels, no matter who has it or where it’s stored. By adding in this additional layer of security, data is protected in motion, in use, or at rest, inside or outside the organization.
Written by Adam Strange, Global Marketing Director at Titus.