As that perimeter decomposes and becomes more fluid, it must be elevated so that each data object can itself participate in the security portfolio
Organisations need to change how they think and view data itself as an endpoint, in order to improve how it can be secured, according to a new report by IDC.
“Data is an asset that is increasing in value, created and stored in an ever-growing variety of devices. It is also increasing in volume, its value only realised by sharing – and only with those who are authorised to view it.
“And yet hackers are seemingly able to steal this data with ease from those that are unable to secure it sufficiently,” note report authors Simon Piff and Hugh Ujhazy of IDC.
They also question why data breaches are still occurring when billions of dollars are spent worldwide on various forms of IT security.
“Strategies to protect data must evolve if we are going to successfully protect this valuable resource in the future,” says Piff, who is vice president, security practice for IDC Asia Pacific.
“It’s clear from the almost constant barrage of headlines announcing the latest data breach that we are not able to secure this asset with the strategies we have used in the past. Perhaps by reconsidering our approach to how we think about data, we can create improved strategies to secure this increasingly valuable asset.”
The solution, according to the report Is Data the New Endpoint? is for organisations to reconsider their overall security strategies.
“Data has traditionally been seen as the passive result of transactional systems, to be surrounded, protected, and secured in systems that take an active part in the overall security perimeter of an enterprise,” it states.
“As that perimeter decomposes and becomes more fluid (e.g., cloud, mobile, IoT), data must be elevated so that each data object can itself participate in the security portfolio.”
“It is time to rethink how we secure the data by considering data as an endpoint with an active role to play in the overall security strategy rather than as a passive element in transactional systems... To be successful, organisations must develop a program that focuses protection capabilities on the data itself.”
A perimeter-focused strategy is no longer sufficient, and many security technologies are simply applying that same failed approach
“We also need to be aware that data security is not a silo; the value of data is only realised after it is refined using analytics to better understand the patterns that deliver value to the business.”
Ted Pretty, CEO of Covata, which sponsored the report, concurs.
“Traditional perimeter security strategies that have focused on hardening the networks and systems supporting the data, rather than the data itself, are what needs to change. A perimeter-focused strategy is no longer sufficient, and many security technologies are simply applying that same failed approach,” says Pretty.
The report lists the following recommended actions for both organisations and their technology buyers:
- Consider how and where the data is created, captured, transmitted and stored, and where the vulnerabilities are greatest along this value chain
- Identify offerings that can secure that data at its earliest point of creation and throughout its life cycle, regardless of whether this is on- or off-premise
- Realise that not all data is of the same value, and that value may differ from an internal (your own) and external (the hacker’s) point of view, and then apply the relevant levels of protection
- Establish a process that can constantly evaluate this value based on impact to the business, impact of legislation and impact of new threats and vulnerabilities.
Send news tips and comments to firstname.lastname@example.org
Follow Divina Paredes on Twitter: @divinap
Follow CIO New Zealand on Twitter:@cio_nz
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.