Avoiding Common Data Security Pitfalls
By Jason Norred, Senior Director, Security Solutions II, Inc., friend of Andersen Alumni
In continuing with the theme of “Complexity is the Enemy of Good in Cybersecurity” from the last newsletter, organizations can reduce risk and improve security posture by focusing security efforts on what matters the most, securing your data. This includes maintaining the integrity of your data from unintentional or unauthorized changes, maintaining the confidentiality of your data, and maintaining access and availability to your data. This is commonly referred to as the CIA triad (Confidentiality, Integrity, and Availability).
There are some key questions that should be asked as you consider your data security. Do you know what your most sensitive data is? Do you know where your most sensitive data is? Who has access to that data? How vulnerable is that data? Is that data protected using an enterprise approach, including immutable and highly available copies of your data?
Many of the above questions can be answered if you develop and implement a data governance process. Still, there are some foundational building blocks that can be leveraged to get you and your organization started. Additionally, there are some pitfalls you certainly want to avoid as well. IBM recently published the following pitfalls along with the solutions that you can consider and implement today. These pitfalls include the following:
- Failure to move beyond compliance.
- Failure to recognize the need for centralized data security.
- Failure to define who owns responsibility for the data.
- Failure to address known vulnerabilities.
- Failure to prioritize and leverage data activity monitoring.
Solutions II also helps you avoid complications through a framework for change called the Adaptable Data Center® (“ADC”) that simplifies the complexity while decreasing technical debt with IT investments. The ADC framework takes security into consideration and all of your priorities and creates an actionable roadmap to take you from your current state to your future state. This can be a game-changer not only in your security approach to 2021 but in all of your IT priorities.