The looming deadline for the General Data Protection Regulation (GDPR) continues to drive CIOs and CISOs to review their data protection strategies. To comply, executives are diligently working with their security teams to improve data protection policies and safeguard technologies.
While GDPR can certainly incentivise organisations to act in order to avoid negative financial consequences, it can also motivate them to make positive changes. The regulation comes at a time when technological advances and the rapidly growing popularity of mobile and flexible work styles have rewritten the rules for corporate data security. In the age of digital transformation, GDPR represents an opportunity for businesses to proactively change their thinking around data security and ensure their most critical files remain safe.
Data is on the move
Traditionally, enterprise technology was designed around a central data repository — the data centre or server room. This was the hub of all computing activity and generally operated on an on-prem basis. Times, however, have changed. Data has moved outside traditional security perimeters. In fact, Code42’s recent CTRL-Z Study revealed that IT decision-makers globally believe that as much as half (and in the U.S., as much as 60 percent) of corporate data is now stored on endpoint devices, such as laptops and desktops. This data shift from the data centre to endpoints is being driven by changes in the working routines of employees.
According to the CTRL-Z Study, at least one in 10 companies employing 500 or more employees have workforces that are on average made up of 60 percent knowledge workers. These workers “think for a living” and create great volumes of data, which are often shared and stored outside of the traditional security perimeter. These work styles, while helpful for productivity and work/life balance, are creating data protection challenges. Data created and stored outside the data centre is not only hard to track, but also hard to protect. And yet, an open, collaborative environment is the future for all companies moving to cloud-based tools.
To protect their company data, businesses with highly distributed workforces often jump to encryption as a security solution. Encryption is brilliant in the event that data is lost or stolen. It provides a level of protection. Unfortunately, it will not protect a company from more sophisticated modern threats. Today, malicious actors will lie in wait for months to syphon off data or deploy APTs that will compromise critical information. Encryption will not provide enough protection for data in these scenarios. Nor will encryption protect data from malicious insiders who decide to move corporate data to personal cloud drives or an external storage device. What organisations really need, especially ahead of the GDPR, is complete visibility over the movement of data at any time and anywhere. Fortunately, this is also exactly what is required as businesses move into digital transformation.
Data visibility is the key to data security
Although data visibility is a topic that should be routinely addressed inside organisations, it often is not. The important question for businesses to ask in this era of GDPR and digital transformation is: “How can we quickly increase data visibility to ensure security and compliance, now and in the future?”
Attempts to ward off external threats by “building walls” or locking down the enterprise are not only outdated, they are dangerous. Traditionally, the first line of protection was a preventative antivirus solution. Antivirus remains essential in the security stack, but it is no longer enough and will not safeguard the modern, porous enterprise. After all, how can you protect what you can’t see?
CIOs and CISOs must start to focus on prevention and recovery-led strategies, and leave prevention-only approaches behind. IT leaders also need to ensure that data visibility is built into the very fabric of the security stack. The ability to monitor data movement and detect anomalies in data usage patterns – whether on-prem or on an endpoint device – is essential. A multi-layered approach to security can act as an early warning system if it includes the right recovery solution. Each block in the security stack must enable IT departments to identify and overcome threats as well as switch strategies to mitigate risks.
Should a data breach occur, visibility offers even more benefits. It will help businesses identify weak points in data defence and help security teams shore up similar vulnerabilities. The very best data visibility solutions today allow businesses to identify issues within a matter of minutes and alter their approach accordingly.
With GDPR on the horizon, retrospective visibility has never been more critical. Organisations need to ensure that their IT and security teams can identify the source of failure in their data protection strategy and report on it – or face huge fines. The financial impact of the GDPR fines, however, may pale in comparison to the costs associated with losing the trust of loyal customers.
In the last 20 years, there’s never been a more important moment to take proactive actions to ensure data protection in the enterprise. There’s also never been a better opportunity to reevaluate security posture. To safeguard and gain visibility into data as well as avoid GDPR penalties, businesses must act today and pay attention to the evolving data protection horizon. By doing so, they will be well-positioned for the increasingly decentralised future they are bound to face.
Richard Agnew, VP UK, I & Northern Europe at Code42