According to NIST Cybersecurity, confirming data-centric security is an important challenge to address over the next five years, given the increased virtualization of the workforce in the post-COVID environment. As information sharing and global collaboration have become the new norm for today’s businesses, the challenges of ensuring data security and regulatory compliance also take on new forms and warrant re-examination. The NextLabs white paper “What Will Data-Centric Security Look Like Over the Next 5 Years” discusses the relevance of the concept of data safety compared to data security, examines the key areas to ensure data safety in the workplace, and provides suggestions on best practices.
Data Security vs. Data Safety
Traditionally, “data security” has been centered on safeguarding digital assets from potential threats and unauthorized access, locking down data to stop it from being shared. However, this approach is perceived as restrictive in the current highly collaborative digital environment.
The introduction of “data safety” aims to reconcile the need for secure information sharing without compromising protection by incorporating preventative controls into key business processes. Efforts should be made in various aspects to ensure a successful data safety management scheme. Here are some key aspects:
- Applications Run the Business: Applications are deeply integrated into key business processes and everyday life. Most business-critical data are generated and managed by applications, such as ERP, CRM and PLM. As these applications contain structured and unstructured data that flow internally and externally, it is crucial to implement appropriate controls to protect the most sensitive and valuable data at the source, which extends to protecting data that flows from one application to another.
- Applications as Engines for Data Classification: Applications generate 80% of business-critical data that flows into unstructured environments. As data and applications are deeply entwined, the key to ensuring data safety in applications is a thorough understanding of the structure and types of data in the applications. Based on that, it is crucial to design a sound security program using a set of policies that are consistent and reusable.
- Data Authenticity and Accuracy: Digital data is considered to be authentic if it proves to be uncorrupted since its creation, or if a digital object is what it claims to be. In an age of data explosion, institutions and public platforms increasingly value the accuracy and authenticity of data. Ensuring data authenticity not only equips companies with a competitive edge, but also fosters an amiable public data environment. Companies should take responsibility to safeguard their data authenticity by utilizing enterprise data logging tools and establishing standard procedures in data management.
- Identity and Master Data Management (MDM) Foundation: Most organizations already have an identity management system in place, which provides a large amount of metadata about users. On the other hand, the MDM system provides a consistent and uniform set of identifiers and extended attributes that describe the entities of the enterprise, such as customers, employees, locations, and projects. When used collaboratively, identity and master data management systems provide abundant data about users and all other key attributes of the business, which form a solid foundation for a potent policy management platform.
- Secure the Data Wherever it Goes: Business-critical data is often vulnerable to data breach and improper use because data access is loosely guarded and allows uncontrolled extraction and sharing of data. It is imperative to impose persistent safeguards and security controls on the data whether it is in or outside of the application. Enterprise Digital Rights Management (E-DRM) offers a solution to consistently protect data with automation regardless of where the data resides.
- Corporate Governance and Accountability: As more regulations and industry guidelines concerning data and privacy issues are expected to emerge in the coming years, effective corporate governance and accountability become increasingly important in meeting compliance requirements. Organizations need to monitor data activities and protect the data that is being shared during collaboration to ensure corporate governance and accountability. Thus, preventing wrongful disclosure and safeguarding information sharing should be a top priority to ensure data safety.
- Hybrid Cloud and Multi-cloud as a New Norm: As applications increasingly move to the cloud, the complexity of companies’ IT infrastructure, security, and compliance requirements also increases significantly. In response to this trend, organizations showcase their commitment to innovation and tailor technology stacks by extensively adopting public cloud platforms like AWS and Azure, and customizing private clouds within these platforms. Hybrid and multi-cloud take center stage, calling for a Zero Trust model that redirects focus from network-based perimeter security to data-focused security models that safeguard sensitive data, applications, systems, and networks from the inside out. From a data safety perspective, organizations need to standardize data access management across different applications and platforms, while taking into consideration the various data residency requirements, compliance mandates, and security standards they must adhere to.
To learn more about the future trends of data security and different scenarios, download the full white paper.