Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

58shares

The 80-20 Rule For Security Practitioners

Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21^st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards. It’s getting worse: McKinsey in conjunction with the World Economic Forum have estimated that failing cyber security approaches could have an aggregate impact on technology and business innovation of $3 trillion by 2020.

It’s a common underlying misconception that IT staff knows how to secure today’s mission-critical data assets. Firstly, IT practitioners chartered with securing our most data assets may or may not be trained security practitioners and secondly they are relying on the same solutions that have failed in the past, and which continue to fail. And, given ever-increasing data sets, a changing IT environment and a changing threat landscape, it’s hardly safe to assume that IT has an organization’s most valuable data assets secured.

So what needs to happen?

Organizations need to hone in on securing what really matters – it’s most often just a small subset of all the data most organizations process or handle that needs the most rigorous protection. Rather then trying to boil the ocean and secure everything, organizations need to apply the 80-20 approach and focus on that 20 percent of data that is most critical.
Data security tools need to be automated. Today’s outdated fragmented toolsets require a considerable ongoing investment in day-to-day management to even come close at being effective. We should be able to harness big data analytics and today’s advanced algorithmic technologies towards pinpointing and then securing an organization’s most valuable assets.

Encryption is not a panacea for everything. Encryption strength varies and key management is also an important part of encryption. And as we enter the world of IoT, we need to rethink how we secure and manage data through the lifecycle of machines and the data that those machines generate and exchange.

Finally, business leaders have to find ways to work with IT for a much more strategic approach to securing and managing the data assets which comprise the lifeline of their business. This means talking about IT security in business terms versus focusing on IT terms which may not capture the real value of the data that needs securing.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW’s Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry’s first blueprint for making data protection “business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

THOUGHT LEADERS

3 ways AI can create a more equitable future for food distribution

More equitable future for food distribution with AI At best, only 70% of food gets used in the United States. The rest goes to waste. Although devastating, the good news is this massive waste of ...

Sustainable Solutions for the Data Center: Net Zero Emissions Designs

Net Zero Emissions Designs Sustainability has become an increasingly frequent topic of discussion for data center operators, with many pledging to be carbon-free as soon as 2030. But are these commitments a response to the ...

Object Storage: 7 Trends and Predictions for 2024

What Is Object Storage? Object storage, in the simplest terms, is a data storage architecture that manages data as objects, as opposed to traditional block storage or file storage architectures. These objects include the data, ...

The Future of Enrollment Systems: Predictive Analytics and Artificial Intelligence

The Future of Enrollment Systems Enrollment systems play a crucial role in various industries, from higher education institutions to online courses and professional certifications. These systems streamline the enrollment process, manage student data, and contribute ...

Ditching the Third Party: Enabling Privacy and Personalization with AI-ready Data

Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...

AI-powered identity verification: what businesses need to know in 2023

AI-powered identity verification Even if you don’t want to admit it, doing business online in today’s environment poses a greater risk. Criminals are constantly on the lookout for vulnerabilities to exploit, including hacking, data breaches, ...