Exploring a data-centric approach to data privacy as cloud workloads proliferate
If your organisation, like many others, is putting more and more data into the cloud, you will already know that it’s probably making your security team have kittens. Greater amounts of data being transported in real-time – not to mention the vastly increased number of mobile devices and attack vectors – means the chances for catastrophe have proliferated.
A new study from data protection provider Virtru has looked at the steps for taking a ‘data-centric’ approach to data protection and privacy. The report, conducted by Forrester Research and which polled more than 200 director, VP and C-suite employees across security, risk and IT, argues organisations’ current IT priorities are conflicting – and that data protection is not high on the list.
Almost half (46%) of those polled said that they were adopting a data-centric approach to data protection - defined in the report as “abandoning traditional perimeter-based security strategies and focusing on securing the data… on peripheral systems, devices, [and] networks” - because they were putting more and more business data into the cloud. The same number said they were particularly concerned around protecting data from cybercriminals, as well as insider theft and abuse.
When it came to the primary capabilities organisations needed to execute data-centric protection, 85% of respondents said enforcing access control was either critical or very important. Encrypting data stored in cloud drives (79%), as well as encrypting data in motion and at rest within the enterprise (79%), were also highly cited.
The key issue in putting this important approach across is prioritisation. For those polled, the key aim this year is to deliver IT projects more quickly (45%). 41% said a major aim was to better comply with privacy regulations, while shifting resources to improve the customer experience (37%) and increasing the business’ role in defining the priorities of IT investments (35%) were also cited.
Naturally, there is an impasse between those who see the need for greater productivity in the organisation and those who see greater security. 39% said they feared data privacy controls would hinder productivity, while a third (34%) said their companies lacked staff with sufficient data privacy expertise. 30% said there was confusion around the differences between data privacy and security.
Yet there are a multitude of benefits to a data-centric protection approach. Almost half (49%) of those polled said the move would improve their organisation’s ability to meet regulatory requirements, while reduction of data theft (47%) and lowered risk of data loss (47%) were also key.
“As IT organisations seek to find ways to deliver on their initiatives more quickly and with a greater focus on regulatory compliance, many struggle to keep these two objectives from conflicting with one another,” the report concluded. “To address these challenges, firms are turning to data-centric data protection solutions, while seeking to overcome challenges with costs, use, and integration that can arise with onboarding new technologies.
“Putting data security and privacy front and centre will help firms realise numerous benefits like improved customer and partner relationships and lower risk of a data incident,” it added. “Failing to properly secure your data puts customer trust, the business’ reputation, and considerable revenues and potential penalties at risk.”
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » StackRox and Skybox reports warn of dire consequences if container security is not addressed
- » How public cloud will become the driving force for connected cars
- » How the rise of 5G will disrupt cloud computing as we know it
- » Why it's time to make continuous cloud security part of your developer journey
- » IT operations in 2020: Five things to prepare for – from AIOps to multi-cloud and more