“What is data security?” A frustrated client asked this question during an inquiry not too long ago. Is it DLP? Encryption? Is it all of their efforts and controls for cybersecurity, from firewalls to email security?
It is a great question to unpack. Common approaches to data security often involve some consideration for data classification, data loss prevention, obfuscation techniques such as encryption, and access controls. Yet “common” does not mean easy to implement, effective in meeting enterprise requirements, or positive with regard to the employee experience.
How should we now consider data-centric security controls in a world of multicloud, anywhere work (and with it, personal devices and the connected home!), edge devices, and privacy regulations? And what does this look like in the context of a Zero Trust approach? These are growing questions for organizations when every security technology product’s purpose is to protect your organization’s data.
Data security and compliance controls are increasingly built in as features within various non-security technologies and cloud data platforms. Where — as a feature versus as a stand-alone offering — do we source these capabilities from, and what trade-offs come with our decision? Where do common approaches break down, and where do we have gaps that we must address with different techniques?
We also cannot fully consider the question of what data security is until we think about what constitutes sensitive “data” for organizations today. You have regulated data, such as personal data, that is top of mind, yet the scope of sensitive business data requiring protection spans across intellectual property and sources of value, like algorithms, code, IoT sensor data, and more.
I’m looking forward to shining a light on this question of what defines data security and more in my session “Redefining Data Security For The Modern Age” at Forrester’s Security & Risk event, November 8–9 in Washington, DC and virtually. I’ll tackle this topic and also highlight some cool examples of innovation for data security that security organizations should consider.