Thales Blog

CDOs And CISOs Need To Be In Sync With Data Security

October 28, 2015

Henry Anzarouth Henry Anzarouth | More About This Author >

Need to SynchMonetizing your data should be analogous to monetizing your assets. Assets can include securities investments, precious metals and cash. A key characteristic of these types of assets is that they need to be protected from loss, theft and devaluation. So if you can use your data as a source of income, would you not want to protect that data in the same way you would protect your cash, precious metals and securities? It amazes me that most enterprises do not attach a significant enough concern for the well-being of their data. How do we monetize our data? By using analytics. SAS, for example, has been doing this for years. Additionally, many businesses have also utilized Business Intelligence (BI) for decades. Most recently, with the rapid advent of MapReduce and NoSQL technologies, Big Data is flipping the data monetization trend on its head. This threatens to change the database and data management industry completely.

ClickToTweet:  Need to Sync on #DataSecurity - #CISO and #CDO

Chief Data Officers (CDOs) should be aware that as they monetize their data, they need to protect it. While one may assume this is the role of the CISO or CSO, these chiefs may lose sight of the data as they focus on what, in their opinion, may be a bigger risk: a) loss of their network and b) loss of their IT assets. So, we have a situation where at least two individuals’ primary role leaves data protection somewhat off-target.

Both know that the data is growing everywhere – on file servers, in databases, and increasing exponentially to the cloud. There are a plethora of tools to protect data where it resides, but no company has the resources to add native security and encryption tools for each repository and data solution they own. It would help to be able to centralize security using a single tool that protects across all environments, repositories and solutions – but does so transparently.

Canada is also experiencing growth in the number of CDOs being appointed. Canadian CDOs will be concerned with cross-border jurisdictional rules and regulations that may affect their data if it is stored in a US-based cloud or elsewhere outside Canada’s borders. Canadians may prefer to use cloud service providers (CSPs) who have physical data centres within Canada’s borders. Another issue that may affect Canadian companies is that they may feel their volumes of data are not significant enough to be attack targets. But the largest organizations in Canada (which may still be small compared to our neighbours south of the border) are increasingly becoming global as they acquire businesses in the United States and elsewhere. This means Canadian data can be anywhere and protecting it is even more of a challenge. Smaller Canadian organizations may already use the public cloud to store and share documents in Amazon’s S3 cloud, Box, or OneDrive. These public clouds themselves are so big that they are obvious targets, meaning that even if you are a small Canadian enterprise, your data may be at risk.

Canadian enterprises can mitigate their fears by implementing cloud security which can prevent anybody from accessing their data without the permission of the data owner, no matter where it resides. A key to reducing costs and alleviating encryption key management woes when protecting data on premise and in the cloud is to use a single encryption solution that works everywhere.

CDOs and CISOs should be urged to investigate this aspect of data security and see how best to grease the wheels of data monetization and defend IT in depth. This can and should be done by protecting your valuable data within your physical and virtual network.