ALTR recently hosted a roundtable with CISOs and IT decision makers to discuss the question “why is data so hard to protect?” This diverse group of participants shared their personal experiences and challenges around keeping data safe along with the new struggles remote work brings to the table.
Despite some dramatic differences in the attendees’ experience and industry, several common themes emerged around why data is hard to protect:
- It’s difficult to know where all your sensitive data is stored. This is a problem we encounter with nearly all our customers, and because data gets frequently moved around for business reasons, it’s very hard for those who are accountable for its security and privacy to track it.
- The current environment has dramatically ramped remote access to data. One attendee managed all of IT for a large public-school system where she had a security strategy heavily reliant on locking down data access to the local on-premise network for different schools. Overnight that strategy had to transition to a completely remote access scenario.
- New, innovative (SaaS) software forcing data protection to transition from direct accountability to vendor oversight. Most of our attendees are finding that in order to continue to innovate with technology, they are forced to incorporate cloud services or software that are delivered as a service. As such, they become responsible for how their vendors are handling data and must develop processes and technology to oversee how their data is being protected by others.
So, how do you keep data both safe and accessible to those who need it to do their jobs? And how do organizations address these challenges listed above?
To start, it’s difficult to know where all your sensitive data is stored. A recent Information Age study showed that 82% of companies admit to not knowing where their data is located – even sensitive data like personal addresses and banking details. If an organization doesn’t know where the data is stored, then how can they expect to protect it? The ability to observe your data is an absolute must, not only to protect it but to gain insight around how it’s being consumed in order to create policy and to actually utilize its value to become a more data-driven enterprise.
More recently, as we all know, companies have had no choice but to move toward a remote work model -- that means the traditional strategy of locking down data access on-premise is no longer an option. More remote access means the risk of credentialed access compromises has increased. Now having observability into who is consuming what data, and real-time control over that consumption, becomes ever more critical.
Do you relate to the same concerns that the participants in our roundtable listed? Are you one of the 70% of organizations that are struggling to adapt to this “new normal” in data security (TechRepublic)? Maybe it’s time to chat.