Organizations that want to survive and thrive in the 21st century need every advantage they can get: top talent, top strategies and, of course, top technology. Technology, after all, has helped make business transactions faster, more transparent and more efficient. Big data, cloud computing, the “Internet of Things” (IoT), robotics, bots and other forms of artificial intelligence are all technologies that your organization is probably considering or reviewing, if they are not already in use.
These technologies also blur or eliminate traditional enterprise perimeters and present new conduits for cyberattacks, just as attackers are becoming more sophisticated. We live in a world of malware, ransomware, spear phishing, insider threats, nation-state attacks, APTs, SQL injections and social engineering.
There are no “magic bullets” to protect against this reality, but if CSOs and CISOs “follow the money” and focus on an end-to-end approach to data protection, they can become enablers for new business and technology use, while also promoting the safe running of existing operations.
Where We Stand
First, it’s incredibly important that CISOs have a comprehensive plan for protecting data regardless of where it is stored or how it is used. Most organizations start thinking about this in terms of compliance and regulation. Compliance and regulatory standards represent minimum requirements for operation, but CXOs should consider them a starting point. Given the rate at which threats evolve, even the most prescriptive regimes can’t guarantee data will be safe.
Many fall into the trap of relying solely on meeting compliance requirements to protect data. According to our 2016 Vormetric Data Threat Report, compliance was the top IT security spending priority. And yet, over 60% of those same organizations had encountered a data breach.
If CXOs are serious about implementing an end-to-end data protection plan, they need to go beyond compliance and think about the need to secure data at each point in its creation, transmission and use. Some critical elements of this are:
- Secure identities – whether personal or for applications and devices
- Secure communications that ensure data isn’t exposed or altered in transit
- Secure storage of information that strongly controls access
- Secure use that only allows authorized users and applications
Each and every one of these elements relies on encryption and other cryptographic technologies, access controls and identity – all of which are offered or supported by Thales and Vormetric solution platforms. We’d be happy to help you learn more.
This doesn’t have to be a daunting task
None of these elements are new, but thinking about where to begin can be overwhelming. It doesn’t have to be, though, especially if one keeps a checklist in mind. Here are some good places to start:
- Meet the compliance bar for basic requirements
- Step beyond that to secure data stored and used on back-end systems, as these are the biggest targets for data thieves
- Recognize threats posed to existing applications by building in additional security as the application evolves. This means updating your organization’s security posture as you update the application for new features
- When starting a new project, design the security into the project at the start. It’s tempting to prioritize time-to-market over all else, but data security requirements are least expensive when addressed upfront
To reiterate, keep in mind that your end-to-end plan should go step-by-step. While security is important, it’s best done right. A thoughtful, analytical, data-based strategy goes a long way. Covering all our (data protection) bases, so to speak, was one of our motivations behind the marriage of Vormetric + Thales.
While the challenges we all face are immense, there’s also so much to be excited about. We live in a time of unprecedented technological growth and change. Together, let’s navigate it securely.