This resource is no longer available
CISOs and their security programs face nearly overwhelming pressure to renew their focus on data protection. The external forces of advanced threats and a multitude of compliance obligations, combined with the internal forces of new business initiatives, lead to a complex set of data protection requirements. These requirements are then overlaid on an explosion in the volume of data generated and in the variety of locations where that data may reside. And if that’s not enough, the scope of data to be protected includes not only customer data, but internal data and system data as well. Recognizing data protection as the underlying objective for information security programs and initiatives allows IT Security, Compliance and Operations teams to better align around a bridge-building end goal: protecting the business and its customers.
Driven by expanding compliance obligations, increasingly sophisticated external threats and ever-changing business requirements, organizations are rediscovering the foundational concepts of information security objectives that focus on the protection of data. By its most literal definition, “information security” means the protection of data. But today both the volume and scope of the data to be protected are much greater. Corporate security teams that build a security program around a clear objective such as data protection will tend to have better focus, clearer direction and a faster path to identifying threats and vulnerabilities before data is compromised. Just as in problem solving, where root-cause analysis provides better focus, a root objective such as data protection can be useful in driving security initiatives and providing improved focus for a security program. Read on to see an overview of the many data protection challenges CISOs face and a sequence of five actions to take to address these challenges.