Digital transformation is causing massive turmoil and forcing organizations to change how they protect their data.
451 Research data presented in the Thales 2018 Data Threat Report shows a continued rise in data breaches, with 67% of the 1,200 global study respondents (71% in the U.S.) reporting that they have been breached.
This backdrop sets the stage for the recent SecureWorld web conference, Best Practices for Solving Global Data Security and Privacy Challenges, which is now available on-demand.
Tara Khanna leads Accenture's global capability in Application Security, and she kicked off the discussion by looking at a major challenge faced by enterprises.
"The big question lots of companies have today is how do you create a security posture to protect your data, without impacting the businesses."
An adequate solution, she says, must include these four things:
- Visibility
- Availability
- Productivity
- Speed
On top of these requirements, data security frameworks must also consider a large number of users, including, but not limited to: the CISO, security management, security operations, data consumers, data owners, and data custodians.
Khanna adds that looking at business alignment on what should be protected will help users understand the value of protecting your most crucial data, a process that can be expensive.
Rick Killpack, Director of Global Service Providers at Thales eSecurity, likes talking about the layers of risk. "When you're looking at your data security strategy and you're looking at your threat landscape, it's very, very important you look at all of the layers."
His chart below shows the highlights of the attack surface, risks, and associated exposure.
Killpack says there is no question that encryption is a key tool in decreasing the attack surface and increasing your confidence that you are in control of the security of the data you place in the cloud.
Encryption works with other tools you likely have in place. The combination will enable robust data security and compliance.
And understand that it is a process.
"We've seen customers spend millions of dollars and years of work to develop a perfect data classification system that covers everything and ensures access. Don't boil the ocean. Start with something and then build upon it, rather than trying to come up with a perfect solution to start with."
Juan Asenjo, Sr. Solutions and Partner Manager at Thales eSecurity, picked up the conversation around the threat to cryptographic keys and the need for proper enterprise key management.
"While organizations are adopting new technologies to transform operations, hackers are also taking advantage of those new approaches. That is why managing keys
"Hackers not only steal files that contain the data, they are now going after the encryption keys that unlock them."
So what's key to key management? Asenjo says the keys must be protected and readily available.
How does this happen? Through best practices that implement both data security platforms and hardware security modules.
These are just a few points from an extremely relevant web conference that is now available on-demand.
You will appreciate the presenters' best practice guidelines on implementing a comprehensive and compliant data security strategy for your on-premise and cloud application data.
A strategy that also preserves business productivity.
Earn
