Organisations must reconsider how they protect data

By Ted Pretty

A new IDC Perspective entitled Is Data the New Endpoint(1) proposes that organisations need to change how they think, and instead view data itself as an endpoint to improve how it can be secured.

The report states that: “Data is an asset that is increasing in value, created and stored in an ever-growing variety of devices. It is also increasing in volume, its value only realised by sharing – and only with those who are authorised to view it. And yet hackers are seemingly able to steal this data with ease from those that are unable to secure it sufficiently”. The authors also question why data breaches are still occurring when billions of dollars are spent worldwide on various forms of IT security. I’m sure many of us wonder the same.

Co-author of the report, Simon Piff, Vice President, Security Practice for IDC Asia/Pacific, says: “Strategies to protect data must evolve if we are going to successfully protect this valuable resource in the future. It’s clear from the almost constant barrage of headlines announcing the latest data breach that we are not able to secure this asset with the strategies we have used in the past. Perhaps by reconsidering our approach to how we think about data, we can create improved strategies to secure this increasingly valuable asset.”

I completely agree with this view. To greatly reduce security issues, organisations should implement solutions that follow data from its creation to its end of useful life, and ensure only authorised users and processes can access, use and amend the data.

Traditional perimeter security strategies that have focused on hardening the networks and systems supporting the data, rather than the data itself, are what needs to change. A perimeter-focused strategy is no longer sufficient, and many security technologies are simply applying that same failed approach.

The solution, asserts the white paper, is for organisations to reconsider their overall security strategies. As the perimeter “decomposes and becomes more fluid (e.g. cloud, mobile, IoT), data must be elevated so that each data object can itself participate in the security portfolio.”

“Clearly the security solutions we have in place today are not sufficient to protect the data stored within systems, hence the plethora of high-profile data breaches in the news,” states the report. “It is time to rethink how we secure the data by considering data as an endpoint with an active role to play in the overall security strategy rather than as a passive element in transactional systems … To be successful, organisations must develop a program that focuses protection capabilities on the data itself.”

  • Recommended actions:
    Consider how and where the data is created, captured, transmitted and stored, and where the vulnerabilities are greatest along this value chain
  • Identify offerings that can secure that data at its earliest point of creation and throughout its life cycle, regardless of whether this is on- or off-premises
  • Realise that not all data is of the same value, and that value may differ from an internal (your own) and external (the hacker’s) point of view, and then apply the relevant levels of protection
  • Establish a process that can constantly evaluate this value based on impact to the business, impact of legislation and impact of new threats and vulnerabilities

Download the full IDC Perspective.

1 IDC Perspective, Is data the new endpoint? – #AP43120017 (October 2017)

December 9, 2017