The pervasiveness of data and data-centric security strategy

Adam Strange, Global Marketing Director at Titus, by HelpSystems, illustrates the pitfalls of information security architecture and explains how shifting to data-centric strategies will protect data at file-level throughout its entire life cycle.

Regardless of what business you are in, a data security breach is an increasingly likely scenario that all businesses must mitigate. However, with escalating cybercrime, the widespread growth in Cloud computing, and the explosion in mobile devices and varying tech and app use amongst employees and partners, key aspects of enterprise security are now, and will forever be, beyond our control.

In fact, Gartner has forecasted that security and risk management spending worldwide will grow 12.4% to reach US$150.4bn in 2021. Even with that investment, the number of data breaches is increasing.

The pervasiveness of data and the complexity of the underlying environment continue to increase by orders of magnitude. Increased vulnerability around sensitive data is here to stay for all businesses. But for CISOs, is it merely a question of continually bolstering an organisation’s core defences—the systems, applications, devices and networks that enclose data?

The fact is that with more apps, more data, more networks, and more logins than ever before, sensitive data may be at risk out of sight and beyond the reach of security teams. As a result, gaps in security policy and the process will always exist, and a policy of ‘building walls’ with strong perimeter-based security, authentication, encryption and more will sometimes fail.

The Four Key Gaps In Information Security Architecture

There are four key gaps in information security architecture that revolve around employee and external partner behaviours and can only be remedied with data-centric security practice (and by engendering a solid security culture within the business). For CISOs, these pain points pose serious risks in terms of maintaining compliance and can create a reactionary environment of playing continual catch-up.

The Behavior Gap: Usability poses a significant challenge to CISOs. People want to find the fastest, most convenient way of doing something. In fact, human error is still the number 1 cause of data breaches in 2021. Sensitive files will be added to USBs or data copied to unsecured documents, secure FTP servers may be bypassed, and people may not always adopt the security processes in place.

The Visibility Gap: Sensitive data travels. Average employees send emails in their tens of thousands per year and many receive files they were not meant to see. IT Governance lists a staggering number of serious enterprise data breaches in March 2021 alone.

Who accesses data once it’s shared beyond a business’s devices, networks, and applications and how it is used is beyond your control and lies outside of your monitoring, auditing, and tracking technologies.

Where files and data are shared outside your organisation, the information’s nature cannot be tracked or audited once it leaves your server.

The Control Gap: Lost files or leaked information can go beyond an organisations control. Identity and Access Management, Mobile Device Management and Data Loss Prevention (DLP) systems help monitor and control employee access to data. But data that leaves the systems and networks within your sphere of influence is effectively out of your control.

Lost or leaked information can bear serious consequences with no way to shut down the information once leaked, and potential violations must be reported with implications around compliance.

The Response Time Gap: There is a time lag between the uptake of a new application or behaviour and the ability of CISOs to understand and respond. It’s what puts security teams into reactionary mode and can take weeks or months to identify, during which time you don’t know what’s happening with sensitive information.

Technology changes quickly, and in many organisations, employees bring their own devices, applications, and expectations of how to work. In addition, departments purchase applications and devices, which in turn generate more sensitive, proprietary information.

In a rush to get business done, security is often left to play catch-up, and security breaches may be the unintended consequences of this gap.

Security needs to operate at the speed of business, with the flexibility to adapt to the unknown. Your Response Time Gap may be measured in days, weeks, months, or quarters. The longer it is, the greater the risk of people taking measures into their own hands or sensitive data going untracked into new applications.

Closing the Data Security Gap with Data-Centric Security Strategies

Collaboration, innovation, partnerships, and business development are the behaviours that drive business growth, and all are dependent on trusted exchanges of vital information.

When these new unforeseen breaches take place, CISOs must respond by evolving from infrastructure-centric security measures with multiple layers of defence to data-centric approaches that protect what really matters: the data itself.

Data Loss Prevention (DLP) solutions, data encryption solutions and Digital Rights Management (DRM) tools often take a limited view of the data to be protected, for example, files on a server or emails leaving the network, and they still depend on the idea of walls—systems, devices or networks that enclose data.

Businesses need to be able to guarantee file-level security—to secure, track and share any kind of data, no matter where it’s stored or located, with robust policy enforcement, strong encryption, and strict access controls. Data-centric security solutions also enable employees to collaborate freely while ensuring a high level of security and visibility, and even revoke access to sensitive data that has been shared by email mistakenly. Further, by adding a cloud-based tether, access to data can be managed with access rights and the data decrypted if the person is approved.

READ MORE:

Data is the lifeblood of business and, by locking it down too tightly, business slows down and potentially diminishes its value. CISOs should adopt a data-centric security solution that secures sensitive data through its entire life cycle, everywhere it travels, no matter who has it or where it’s stored. By adding in this additional layer of security, data is protected in motion, in use, or at rest, inside or outside the organisation.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Luke Conrad

Technology & Marketing Enthusiast

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...