Light Dark
October 3, 2018 By Paula Musich 3 min read
Data Protection
Risk Management

As enterprises undergo digital transformation and explore new opportunities offered by cloud technology, many lose sight of the digital risks they’ve encountered along the way. Like the pioneers who headed into the Wild West more than a century ago, companies today face a range of unseen dangers as they move unwittingly into potentially hostile territory. From developers and engineers collaborating via cloud-based, consumer-focused data sharing platforms to independent contractors retaining access credentials long after their projects are completed, the risks to critical data are expanding along with the attack surface.

Whether it’s digital transformation, cloud computing, extended supply chains or outsourcing, it’s imperative for organizations to establish a formal data risk management program that’s more than just a governance, risk and compliance program designed to check the boxes for auditors. Data risk management programs put mission-critical data — an organization’s crown jewels — at the center of the effort. Ensuring the confidentiality, integrity and availability of that data, no matter where it lives or who touches it, is the top priority.

Join the Nov. 1 webinar

Round Up the Posse: The Importance of Multiple Stakeholders

To be successful, a data risk management program requires the involvement of multiple stakeholders, including data owners; line-of-business managers; IT and security professionals; legal, HR and finance departments; and multiple members of the C-suite, all the way up to the CEO. All these parties have a hand in identifying the enterprise’s crown jewels, where they are located, who handles or processes them and where they flow not only within the organization, but outside of it as well.

An effective program also requires input from security professionals who can understand how the inherent risks of ownership, privilege rights, locality, sensitivity and complexities associated with third-party application integrations can be used as backdoors into mission-critical data or cause serious business disruption.

Other common challenges organizations encounter when developing a data risk management program include:

  • Manual process bottlenecks that greatly impact the organization’s ability to scale;
  • Siloed IT systems, each with their own data store, that lack sufficient controls and make it difficult to prioritize risk, thereby creating the potential for exposure;
  • Friction between IT operations and security teams due to the lack of a common language and differing priorities, which makes it hard for them to work in concert to prioritize risks and take immediate remediation actions in the event of a serious breach; and
  • The ability to distinguish between pedestrian events and those that could disrupt business operations, such as the theft and disclosure of sensitive intellectual property (IP).

Take the Reins: Developing Measurements That Actually Mean Something

Successful data risk management programs require security professionals to develop key performance indicators (KPIs) or risk measurements that actually mean something to business executives. Tactical metrics and reporting from tools designed to serve the needs of security analysts do not translate well into the language of business risk. However, by ingesting useful data from a range of security tools that can then be combined with other strategic operational metrics and contextual information, it’s possible to present such data to business executives in a way that allows them to better grasp where existing security controls are adequate and where additional resources are needed.

Such tools include security information and event management (SIEM), data loss prevention (DLP), application security, security response management, vulnerability assessment, and data monitoring systems. A dashboard that takes all that highly technical data and boils it down to sensible risk measurements can benefit multiple stakeholders within an organization as they work to mature their data risk management practices. A data risk manager with a business-centric approach can reduce the time it takes to investigate and remediate threats, and potentially avoid or minimize damages and cost.

Circle the Wagons: It’s Time for a Focused Data Risk Management Program

As enterprises embrace digitization, cloud and IT automation, most are still in the pioneering stages — if they’ve begun at all — of developing a data risk management program. With a vastly expanded threat surface, highly sophisticated and well-funded threat actors seemingly immune to law enforcement, and increasingly complex and porous organizational structures, it’s time to circle the wagons around mission-critical data assets. There’s no better time to create a programmatic approach by automating and orchestrating data risk management.

Join the Nov. 1 webinar

 |  |  |  |  |  |  |  |  |  |  |  |  | 
Paula Musich
Research Director

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature