Is it getting easier or more difficult to lock down data in today’s digital enterprises? Industry leaders have mixed opinions on the state of that challenge. Cloud vendors promise industrial-grade security for backend applications and data, while at the same time the move to cloud increases complexity.
The rise of SaaS and other cloud-native applications “have made it easier to produce, use, and keep more and more data,” said Reza Morakabati, chief information officer at Commvault. “However, the proliferation of data onsite, at the edge, and in the cloud has also made it much harder to protect, manage, and ensure the data meets our business needs and our security and compliance requirements.”
The removal “of any form of perimeter from most organizations due to the growing preference for cloud and SaaS over internal infrastructure has made it much harder to keep control of data,” said Graeme Cantu-Park, CISO at Matillion. “This has been coupled with a growth in digital literacy across all business functions and a general decentralization of IT services. Managing data is becoming increasingly more complex if we are to enable innovation and speed.”
The growth of data volumes and variety doesn’t make the job much easier. “The more there is of something, the harder it is to control—and this is especially true for data,” said Roger Barlow, principal product manager at DataStax. “Data growth isn’t just more of the same data.” Over the past decade, “we saw the introduction and rapid growth of new technologies like NoSQL databases, MapReduce, machine learning, and artificial intelligence, which either consume or help manage vast amounts of data. These technologies are the building blocks for a myriad of apps and devices that revolve around enterprises and the data they generate. With so many different types of data from so many different sources on so many different platforms, it’s only logical that the challenge of securing this data has also become more complex.”
Add to the mix the countless legacy systems that still populate the data center landscape, said Aron Brand, CTO of CTERA. “Many organizations still rely on legacy systems and applications that were not designed with security in mind, and are therefore much more vulnerable to attack,” he said.
There are trade-offs involved, which “come with a cost in the form of convenience for end users,” said Casey Quinn, attorney with the cyber law practice at Selman Breitman. “This makes the decision of what measures to implement a delicate balancing act. If you do too much you may hamper productivity—do too little and you may find your data an easy target.”
Companies are building and managing “increasingly complex data management landscapes,” said Jens Graupmann, senior vice president of product and innovation at Exasol. “As a result, many companies have a hard time seeing where users can access which data. This is a consequence of data democratization, which must first be steered back into controllable channels through proper processes and technical means.”
Because of this, “it’s become more complex to know where your data is at all times and ensure its security,” agreed Laura Sellers, chief product officer at Collibra. “Many companies have felt the pains of mismanaged data from not properly securing and tracking customer information, with a hefty financial penalty. Visibility into where your data goes and whether it’s safe is imperative.”
The remote work movement has also added a whole new dimension to the complexity. “Data is often spread across multiple remote locations, making it hard to maintain tight control over it,” said Brand. “Sophisticated cyber-attackers typically penetrate the enterprise through weakly-secured remote locations or home workers, and then lurk in the shadows for months, gradually and quietly moving laterally to gain access to increasingly sensitive projects and locations, before delivering the knockout blow by planting ransomware or exfiltrating data.”
COMPLIANCE DELIVERS BUSINESS ADVANTAGES
Beyond avoiding penalties, there are tangible business benefits of adherence to data compliance—and this starts with security. “Done right, adherence to data compliance benefits your bottom line,” Quinn said. “Regular assessments of your data protection and privacy measures ensure minimal waste of resources while giving you peace of mind.”
“The ability to market yourself as being in compliance certainly defines a benefit,” Grant Fritchey, advocate with Redgate Software, said. “However, if you have done your due diligence to be in compliance, the biggest benefit is the protection all that work is going to afford your business. A data breach, data loss, and all the subsequent down time, all that is worse for the bottom line and your reputation than the penalty afterwards. If anything, the penalty is just adding insult to injury.”
Trust is another important benefit of compliance. “If your company is flagged for being noncompliant and having subpar data management practices, it will severely impact your business reputation,” said Sellers. “You run the risk of losing customer trust. Strong compliance will demonstrate to consumers that their personal information is safe with your company.”
Data compliance and governance “ensures that companies align with legal and government regulations as well as enterprise rules,” said Dave Russell, vice president of enterprise strategy for Veeam. “Beyond helping companies avoid penalties, data compliance gives business owners a framework for operation and implementation; it elevates your security posture by eliminating fragmentation and minimizing the possibility of a breach; in doing so, it leads to customer trust in business services.”
Ensuring data privacy builds trust with customers—“deepening, strengthening, and extending customer relationship,” said Mandy Pote, senior director of strategy, privacy, and risk at Coalfire, a cybersecurity consulting firm. “While the cost of data privacy is increasing with the introduction of new U.S. state privacy laws, the return of investment will be fruitful through a consistent customer base.”
Alignment of information is another important benefit associated with compliance initiatives. “Different or wrong answers to the same question exist in your company,” said Graupmann. “This is harmful to any data-driven company, because regardless of whether a metric is correct, the entire company should be aligned with the same data. If different parts of the company are working with incorrect data, then in the worst-case scenario, compromised data integrity will lead to business failures and reputational damage.”