Why Security Practitioners Need To Apply The 80-20 Rules To Data Security

The 80-20 Rule For Security Practitioners 

Everyday we learn about yet another egregious data security breach, exposure of customer data or misuse of data. It begs the question why in this 21st century, as a security industry we cannot seem to secure our most valuable data assets when technology has surpassed our expectations in other regards. It’s getting worse: McKinsey in conjunction with the World Economic Forum have estimated that failing cyber security approaches could have an aggregate impact on technology and business innovation of $3 trillion by 2020.

It’s a common underlying misconception that IT staff knows how to secure today’s mission-critical data assets. Firstly, IT practitioners chartered with securing our most data assets may or may not be trained security practitioners and secondly they are relying on the same solutions that have failed in the past, and which continue to fail. And, given ever-increasing data sets, a changing IT environment and a changing threat landscape, it’s hardly safe to assume that IT has an organization’s most valuable data assets secured.

So what needs to happen?

  • Organizations need to hone in on securing what really matters – it’s most often just a small subset of all the data most organizations process or handle that needs the most rigorous protection. Rather then trying to boil the ocean and secure everything, organizations need to apply the 80-20 approach and focus on that 20 percent of data that is most critical.
  • Data security tools need to be automated. Today’s outdated fragmented toolsets require a considerable ongoing investment in day-to-day management to even come close at being effective. We should be able to harness big data analytics and today’s advanced algorithmic technologies towards pinpointing and then securing an organization’s most valuable assets.
  • Encryption is not a panacea for everything. Encryption strength varies and key management is also an important part of encryption. And as we enter the world of IoT, we need to rethink how we secure and manage data through the lifecycle of machines and the data that those machines generate and exchange.
  • Finally, business leaders have to find ways to work with IT for a much more strategic approach to securing and managing the data assets which comprise the lifeline of their business. This means talking about IT security in business terms versus focusing on IT terms which may not capture the real value of the data that needs securing.

By Evelyn de Souza

Maxim Melamedov
Trouble is Brewing Cloud Paradise - 2023 Will Determine Company's Long-Term Plans for Cloud Use The relationship between developers and the cloud was practically love at first sight. For years, migration to the cloud in ...
Get Smarter
Higher Education A big challenge for professionals of all ages is time. Balancing the responsibilities of work and life leave little time for self-improvement in the form of education. But ongoing education is more than ...
Louis
More CISOs will have to deliver revenue growth to protect their budgets and grow their careers in 2023 and beyond, and a core part of that will be getting multicloud security right. It’s the most common infrastructure strategy for ...
Sofia Jaramillo
Augmented Reality in Architecture Augmented reality (AR) is a growing field of study and application in the world of architecture. This useful tool can help us visualize architectural designs by superimposing them onto real-world scenes ...
John Peluso
Save Your Organization on Cloud Costs Organizations of all sizes are currently navigating their plans to avoid the recent surge in cyber-attacks and data breaches and preparing for unforeseen setbacks. Building a sensible backup and ...
Gilad David Maayan
What is SASE (Secure Access Service Edge)? SASE (Secure Access Service Edge) is a term coined by Gartner to refer to a new architecture for networking and security that combines both functions into a single, ...
Gary Bernstein
Common DevOps Misconceptions 86% of businesses say it’s important for their company to develop and produce new software fast to win market share and beat the competition, Harvard Business Review reveals. Yet, just 10% of businesses ...
Anita Raj
Coronavirus and Telemedicine Technology COVID-19 has brought the world to a near standstill. From NBA to Met Ball and Coachella, all major events and festivals are canceled. Disneyland is shut and movies are postponed. Flights ...
Answer To Everything.png
Disaster Recovery Plan.png
Growing Up.png
Hair Loss.png

PLURALSITE

Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization. 

(ISC)²

(ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees.

CYBRARY

CYBRARY Open source Cyber Security learning. The world's largest cyber security community. Cybrary provides free IT training certificates. Courses for beginners, intermediates, and advanced users are available.