Gartner - State of Data Security 2016

Gartner’s Research Director for Data Loss Prevention (DLP) Brian Reed recently presented at the company’s annual Security and Risk Management Summit, held in Sydney. He discussed misconceptions surrounding data protection and delivered a forward-looking strategic approach to data security for 2016 and beyond, which includes endpoint DLP, network DLP, and data discovery and classification.

“Where is your data? The answer is cloud, mobile, data centres, servers, databases – all kinds of different places. It’s ubiquitous, it’s everywhere”, says Reed. “Data is also constantly moving and changing – it’s not static”.

Against this backdrop, Reed says the traditional approach taken to protecting data no longer works and not all data is equal or should be treated equally.

“Data has different value. Most organisations really end up lacking a true, risk-based focus on what data truly matters to them”.

Reed says it’s critical that IT security professionals work more closely with the business owners of data to understand which data has higher value and what concerns they have.

“Inconsistent data security controls exist based upon where data resides. By human nature, if we accept that not all data is created equal and accept that it’s residing in a lot of different places, that leads us to the conclusion that there’s going to be inconsistent data security control out there,” he says.

This is, in large part, due to a lack of focus on “people-centred security”, says Reed. He says getting data owners involved and actively creating a dialog with them is critical.

One of the issues is that many people have a flawed view of how data security works.

“The ‘put your data in a safe’ mentality is flawed. It’s a matter of using the right tool at the right time for the right type of data,” he says.

When looking at how data security governance is managed in many organisations, Gartner’s data suggests the vast majority of companies’ security governance function is dominated by IT and security professionals. Reed says this needs to change, with the line of business needing to take responsibility for data ownership and security.

“One of the biggest difficulties we hear from information security and IT organisations is getting the line of business to take ownership and acceptance that the data belongs to them”.

However, Gartner’s research suggests the balance between line of business and technical people involved in data security governance is changing. But it will require an active dialog in order for business data owners to become more engaged in data security.

As this dialog progresses and evolves, Reed says it will provide the business with an opportunity to use data security as a business enabler and differentiator rather than a blocker.

Data Loss Prevention

Not surprisingly, as the Research Director for DLP, Reed had something to say about the role of DLP.

“Regulatory compliance and intellectual property protection are going to be the two main use-cases that drive data loss prevention adoption tying back to business requirements,” he says.

One of the pieces of data Reed presented pertained to companies’ use of discovery software to detect when unsanctioned cloud services are being used to hold sensitive corporate data.

Reed says “17% of people surveyed are using cloud application discovery technology”.

However, with the increased use of cloud service brokers, Reed expects the number of companies deploying these solutions themselves will decrease, as they effectively outsource the activity. More companies will rely on third parties to support their DLP efforts rather than trying to do it themselves.

A key is understanding how data is actually being used. While data may start its life in one place, it might be exported, transported and imported into another application where it is used and potentially moved again.

By looking at specific use-cases, Reed says businesses will be able to better match the enterprise’s needs for data protection and security while enabling innovation and better business outcomes.

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place