It’s clear that organizations understand the many consequences of sensitive data leakage, proven time and time again in the last few years through damning reports, high regulatory compliance fines, and loss of brand confidence, to name a few. While many recognize the business need to ensure sensitive data remains secure, the process to successfully protect that data is often not as straightforward.
We’ve sat down with Steph Charbonneau, Senior Director of Industry Strategy at Fortra, to talk through some of the most valuable aspects of data protection, and how to measure success of your organizational programs. Undoubtedly, data protection is not a one-size-fits-all model, but the following tips and tricks may provide guidance on how to better support your organizational data security goals.
Outlined in the four questions below, you’ll find answers to help guide your organization in its journey to a robust and secure data protection solution.
How does an organization start the process to protect sensitive data?
The most important thing a business can do to begin the process of protecting their sensitive data is approach this challenge from a business perspective. While starting with the technology stack may seem like a quick win, to truly understand the best mechanisms for data protection, organizations must consider business and compliance risks associated with valuable data. They must also consider desired outcomes for the business – what would be considered a success when it comes to data protection? It’s easy to feel overwhelmed by this, as the issue is large, but it’s vitally important that these practices get universally adopted within your organization, so a step-by-step approach is valuable to make sure your protection is being implemented correctly.
What are the main components organizations should consider?
To truly secure sensitive data, organizations will need to understand the flow of data. How is it coming into your organization? How is it moving through your organization? Which departments are touching the sensitive data on its journey? How is it sitting within your organization (consider ROT – redundant, obsolete, and trivial data), and how is it leaving your organization and being shared externally?
This valuable information will help your organization determine at which points it is vital to implement tools and controls to enhance protection. Keep in mind that data protection remains a balance between the need to protect sensitive information, while ensuring the needs of the business are met and workflows don’t come to a standstill. By understanding how your data moves, you can better understand where you must focus your energy to create the most appropriate security ecosystem for your organization.
Once an organization understands where it needs to protect data, what tools should be considered to accomplish this?
There is a wide breadth of tools available to organizations to protect their data. Organizations should consider these key aspects of their tools when evaluating what would work for them:
- Will the tools we are looking to put in place address the flow of our data?
- Will these tools provide visibility into the sensitive data we have, and controls to better protect it?
- Will these tools allow for both automated and manual data protection, depending on the needs of our business?
- Will the tools we are looking to implement work together to create an even more robust solution to protect our organizational data?
Tools such as Data Classification, Data Loss Prevention software (DLP), Encryption, Secure File Transfer, and Digital Rights Management are great steps in the right direction of securing organizational data. The key is to find solutions like these that can talk to each other, and work in conjunction, to provide the most successful security ecosystem.
How can my organization measure success of data protection?
Going back to one’s original goals is a great place to start to be sure you are successful in your data protection journey. Are you accomplishing what you set out to accomplish to mitigate business and compliance risks? Have your implemented solutions been adopted by those they were intended for (end users, for example, assuming they are involved)? Do you feel you have better visibility into your data, and understand where it lives and how it’s moving through your organization? Do you feel you have the appropriate controls in place for auditors? These are some key indicators that you are on the journey to a successful and robust security ecosystem.
Keep in mind that the threat landscape is ever evolving. It’s impossible to create a “set and forget” solution for data protection, and an organization’s measures for success must also therefore be ever evolving. It’s incredibly important for businesses to partner with solution providers who understand the evolving threat landscape and are a steadfast partner in the continued evolution of data protection.