In 2018, organizations around the world spent $114 billion on cybersecurity technology products. That same year in the United States, at least 471 million records were exposed in 1,257 reported breaches.
Why the disconnect? In data protection, there is no silver bullet and there is no easy answer. However, these stats highlight an important truth:
Information security is not a technical challenge; it is a business challenge that must be facilitated by technology.
Organizations continue to fail to protect information because they are not focused on what matters most: their data. Protecting data in a meaningful way requires a complex tapestry of technologies, but they must be part of a data-centric program built on the foundation of focused risk management strategies. Protecting data well is a complex, rapidly evolving, and extremely expensive investment for any organization.
This complexity is not new, although for some organizations it feels that way because COVID-19 has rapidly accelerated digital transformation initiatives. Organizations that previously supported 5%-10% of workers remotely suddenly have 95%-100% of workers logging in from offsite. However, digital transformation has been driving change in infrastructure and data flows at a breakneck pace for more than a decade. Changes are impossible to keep up with unless your security program is also constantly evolving in concert with the business.
Strategic Challenges to Data Protection Success
Over the past decade, organizations have spent plenty of money trying to solve escalating cybersecurity challenges, but the results have not been good. The truth is, money alone is not enough to solve this problem.
That is both good and bad news. As we enter a time when a prolonged economic downturn seems likely, many organizations will look to cut their security spend. On the surface, that seems to be bad news for the effectiveness of data protection. However, there is a silver lining. Vendor consolidation and reducing complexity may improve both efficiency and effectiveness in most organizations—if they address and solve these five strategic challenges.
1. Business environments are changing and rules for using data are harder to define.
Data loss prevention (DLP) technology solutions were designed for an era when all data was on premises. There were clear business rules governing authorized methods of data storage, transmission, and use. Digital transformation is driving rapid change in the systems organizations deploy to support their businesses. Likewise, the ways in which people and data interact with those systems are also in flux. In today’s world, 10% of traffic can be classified as “Always Allow.” Another 10% can be classified as “Always Block.” The 80% in the middle falls into the “It Depends” category. Thus, security programs can never be one-size-fits-all. Every program is dependent on business context.
2. No single technology does everything and integration is difficult.
Effective data protection requires two or more of the following categories:
- Data visibility
- Content analytics
- Data classification
- Cloud security capabilities
- Persistent data protection
- Contextual awareness
Rarely (or never) does a single technology provider solve all these problems in a given business environment. And disparate technologies do not natively integrate well. As a result, businesses build silos around individual technologies, hindering their ability to recognize important cross-platform context clues.
3. The information security technology marketplace is changing rapidly.
A short while ago, Symantec was the dominant player in the information security space. No one thought they would lose their leadership position. Since Broadcom acquired Symantec, many organizations have been re-thinking their Broadcom relationship. Technology companies like Forcepoint and Netskope are using the disruption to challenge the way organizations look at data protection problems. At the same time, Microsoft has been making significant investments in their own DLP technologies. These industry leaders are bringing compelling new visions and approaches into the data protection space. In addition, a dizzying array of complementary technologies must integrate with these platforms to truly deliver on the promise of data protection.
4. The cost of protecting data is high. The cost of not protecting it is growing.
It is expensive to run a data protection program properly. Skilled cybersecurity staff are expensive and difficult to find, but they are not required on a full-time basis. Much of cybersecurity involves a significant amount of low-skill, high-volume work. Staffing internally—and doing the job right—means spending significantly more than should be necessary. For many years, these costly considerations meant that organizations simply chose not to protect data comprehensively. Ultimately, governments around the world have stepped in to require minimum levels of data protection. Today, we have more data security and privacy regulations than ever before. GDPR and CCPA drove both headlines and improvements in data hygiene and privacy practices—and have set the stage for increased regulatory intervention.
5. The shared security model confuses many people.
When your organization sets up infrastructure in the public cloud, you can be overwhelmed by the options for securing your applications and data. First, you choose your provider. Each provider offers services with different options, alternatives, and built-in security features. And that is just in the Infrastructure as a Service (IaaS) space, where there are three primary providers. The Software as a Service (SaaS) space comprises tens of thousands of providers. Now the choices are significantly more confusing, especially when most organizations don’t know how many cloud applications are in use in their environments. Gartner estimates that through 2022, 95% of cloud breaches will be the business’s fault—not the fault of the cloud provider. The problem is most organizations do not understand what their responsibilities are, much less how to fulfill them.
Data Protection Is Hard
Data protection sits at the intersection of identifying data, tracking its movement, and identifying risk patterns in human behavior. Individually, those are complex issues. Combining them all into an integrated well-functioning program requires:
- proper technologies,
- a proper process to integrate the inputs and outputs, and
- people with deep expertise in the art and science of data protection.
We can help. InteliSecure’s managed data protection services are purpose-built on a proven methodology to solve these problems.
- If you are struggling to protect your sensitive information, please call us, we can help you.
- If you are looking to consolidate vendors or reduce spending without diminishing the effectiveness of your program, call us, we can help you.
- If you are looking for a more efficient way to staff your program while simultaneously increasing your efficacy, call us, we can help you.
US Phone: 720-227-0990 | UK Phone: +44-118-976-8960 | Email: firstname.lastname@example.org