Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners 

Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards. It’s getting worse: McKinsey in conjunction with the World Economic Forum have estimated that failing cyber security approaches could have an aggregate impact on technology and business innovation of $3 trillion by 2020.

It’s a common underlying misconception that IT staff knows how to secure today’s mission-critical data assets. Firstly, IT practitioners chartered with securing our most data assets may or may not be trained security practitioners and secondly they are relying on the same solutions that have failed in the past, and which continue to fail. And, given ever-increasing data sets, a changing IT environment and a changing threat landscape, it’s hardly safe to assume that IT has an organization’s most valuable data assets secured.

So what needs to happen?

  • Organizations need to hone in on securing what really matters – it’s most often just a small subset of all the data most organizations process or handle that needs the most rigorous protection. Rather then trying to boil the ocean and secure everything, organizations need to apply the 80-20 approach and focus on that 20 percent of data that is most critical.
  • Data security tools need to be automated. Today’s outdated fragmented toolsets require a considerable ongoing investment in day-to-day management to even come close at being effective. We should be able to harness big data analytics and today’s advanced algorithmic technologies towards pinpointing and then securing an organization’s most valuable assets.
  • Encryption is not a panacea for everything. Encryption strength varies and key management is also an important part of encryption. And as we enter the world of IoT, we need to rethink how we secure and manage data through the lifecycle of machines and the data that those machines generate and exchange.
  • Finally, business leaders have to find ways to work with IT for a much more strategic approach to securing and managing the data assets which comprise the lifeline of their business. This means talking about IT security in business terms versus focusing on IT terms which may not capture the real value of the data that needs securing.

By Evelyn de Souza

The Sticky Note.png
Viral Infection Wearabletech
Byod.png
The Backup.png
Quantum
The Next Computing Revolution: Quantum Chips There has been a lot of talk over the past few years about quantum computing and how it promises to revolutionize the computing world. But for many years this ...
Martin Mendelsohn
The Colonial Pipeline Dilemma The Colonial Pipeline is one of a number of essential energy and infrastructure assets that have been recently targeted by the global ransomware group DarkSide, and other aspiring non-state actors, with ...
The difference between SaaS-based and cloud-based services
Learn the Differences Between Cloud-Based and SaaS-Based Services When businesses look at technology options, they can choose between cloud-based services or Software as a Service (SaaS) for their needs. These two related solutions are similar ...
Boominathan Shanmugam
Predictive Service Delivery Operations Service delivery operations are vital for the success of Digital Service Providers (DSPs). However, most DSPs struggle with the conventional service delivery process leading to high customer churn and reduced NPS ...
What is Microservices in DevOps?
What Is The Role of Microservices in DevOps? The modern business landscape is constantly evolving, and so are the user requirements that come with it. What worked yesterday may not work tomorrow, and service providers ...