Data Security: Don’t Call an Ambulance for a Sore Throat

Data Security: Don’t Call an Ambulance for a Sore ThroatNo one hides in a bunker for five months to avoid cold-and-flu season. And most people wouldn’t confine themselves to bed for four weeks over a sprained ankle. It would be ridiculous to disrupt your life to such degrees. You’ve got stuff to do. So you bulk up on hand sanitizer or elastic bandages and get on with your day.

Yet that lockdown-over-the-sniffles approach has been common in business, sometimes driven by CIOs and CISOs with an “eliminate all risk” mentality that opposes the potential of new technology to innovate or increase productivity.

I know one company where every new security concern triggered new firewall, intrusion detection and intrusion prevention solutions, which altogether cost $350K each time. It was like issuing quarantine orders whenever someone sneezed.

Without question, IT security is vital—your data is your business. At the same time, this volatile age of “digital disruption” has proven that a head-in-the-sand approach to technology and innovation can be fatal. Generally, business leaders understand the need for strong security, and CIOs and CISOs want to support business-driving innovations. But how do you protect your data now that it’s also your most exploitable asset?

The never-ending battle

It’s a constant struggle, one that today’s businesses fight with infrastructure- and device-based approaches, and (vital but often neglected) employee training against social engineering attacks. The challenges continue as technologies evolve from “strange new risk” to “vital to business success.” Five or six years ago, security concerns led many businesses to declare they’d never use cloud services. You’d be hard-pressed to find a CIO or CEO who’d say that today.

Just as businesses have evolved toward the cloud, they’re also evolving toward enterprise-wide data access. We recognize the valuable insights and innovations to be gleaned from trading siloed departmental data warehouses for the comprehensive enterprise data lake. Tearing down those silos can cost us a layer of security around specific data sets, but curling up in an information panic room is not the way forward.

That’s certainly not the approach for us. Informatica is a data company—our whole vision is around helping you be more productive with, and get more value from, your data by drawing knowledge from across the entire enterprise. We want to unlock the value in information, without leaving that data unprotected. We deal with that challenge both in the solutions we provide our customers, and in our own operations. Now, at the point where more than 80 percent  of the software running our business is in the cloud, we’ve evolved an approach that we think works.

Mind what matters most

Our focus is on securing the data itself, at rest and in transit. Perimeter-based security can’t be overlooked, but it also can’t do the job alone. We must make sure that the permissions around data limit it to the people who rightfully need access to it. We also used data masking, to screen personal identifying information, for instance, while still allowing us to run analytics on the data. With such controls in place, you then must monitor access to make sure those restrictions aren’t being circumvented or misused.

This frees you from walled-off warehouses of marketing data, sales data, customer service data, product data, etc. But it ensures that a marketing executive going into your data lake can only access the data she’s supposed to see, and an HR staffer or customer service manager can access different data from the same repository. It minimizes the potential impact of an error, of a malicious insider, or of an outsider using hijacked credentials.

Every business has different assets to protect and threats to mitigate, but a data-centric approach lets any business balance strong protection with the ability to innovate and drive the bottom line. It’s a more granular focus on what’s really valuable, and how best to protect it. And it’s a lot better than a body cast for every stubbed toe, or antibiotics for your upset stomach.