As more organizations continue with digital transformation plans, being good stewards of the data for which they are responsible becomes more difficult. They are generating more data, more data types, in more repositories, in more and different architectures.
Every day, organizations create more data logs in the course of their digital business processes. Over time, this “dark data” becomes more difficult to keep visible and secure. Unsound internal data management practices can leave sensitive data unaccounted for. DevOps teams and DBAs use “shadow IT” and “shadow data” to test applications in cloud-hosted architectures outside their IT framework. These activities, all carried out in the name of progress and innovation, create serious challenges to data governance.
Good data governance ensures your organization can manage the availability of your data through privileged access control, the usability of your data, the integrity of your data, and the security of your data. As we have seen, doing this in the age of digital transformation is dramatically more difficult and, in most cases, impossible to achieve using traditional tools and methods. What can your organization do to enable effective data stewardship, support innovation, and automate compliance while moving at the speed of the cloud?
Effective data stewardship literally starts and ends with effective data security. In this post, we’ll look at seven data security imperatives you must implement to ensure effective data stewardship and what to look for in solutions purporting to provide them.
- Gain complete visibility into your data repositories. Sensitive data can be anywhere and in any format. Structured, semi-structured, and unstructured data; on-premises or in cloud-managed environments; dark data or shadow data. You are responsible for it all, so you must be able to see it all. Your solution must account for this. You must be able to see all formats, in all places, all the time – from a single source to continuously monitor your complete data repository. Not only is this fundamental to data security, but it is also fundamental to data governance.
- Scalability. If there is one thing the last three years have taught us, it is that we will continue to generate exponential volumes of data. You must be ready to manage it when you create it. As you adopt and implement cloud-managed environments to handle innovations and new workloads, your data security solution must be able to incorporate those data repositories into your existing data estate. Also, your solution must provide inexpensive data retention capacity that enables you to do forensic data analysis and deliver audit data for compliance reporting with little impact on your system.
- Data discovery and classification. This is critical to data security because, in the event of a data breach, you need to know what and how much sensitive data has been exposed to bad actors. It is also critical to data governance because understanding the nature of your data ensures its usability and integrity. Your solution must be able to discover and classify structured, unstructured, and semi-structured data across all data repositories.
- Tightly-controlled data access privileges. Knowing who has access to sensitive data, and to what degree, is a fundamental pillar of your data security strategy. You must actively discover and manage privileged accounts and sensitive assets to maintain complete visibility and control. Establish policies that define legitimate behavior for the privileged user. Your solution must, in real time, automatically identify actions that violate policy. It must also identify all sensitive actions and verify they are authorized. When violations occur, your solution must block suspicious activity or send an alert. Further, your solution should enable you to analyze anomalous behavior and determine malicious user activity that causes the atypical behavior.
- Efficient compliance reporting. Demonstrating data compliance is part of data governance, but not all of it. In nearly all high-profile data breaches, the victim organization was in data management compliance. Your solution should make it easy to automatically generate reports that reveal who is accessing data, why they are accessing it and how they are using the data. This level of transparency enables you to act on anomalous behavior beyond what compliance rules require.
- Secure third-party services. If your organization shares sensitive customer data with third parties, it’s still your responsibility to secure it. To maintain the integrity and security of this data, you must ensure that your partners’ data security and privacy practices are aligned with your own.
- Mitigate insider threats. Insider threats can be difficult to identify or prevent since they are often invisible to perimeter security solutions like firewalls and intrusion detection systems. Nevertheless, good data governance means managing this risk effectively. In addition to continuous employee education, your solution must provide anomalous behavior discovery and rigorous, automatic enforcement of privileged data access so your incident response teams can efficiently mitigate insider threats.
If you have not looked critically at how your data security posture and practices impact your capacity for effective data governance, now is a good time to do that. Governing bodies are making compliance regulations more rigorous, we are in the midst of a data explosion, and the degradation of perimeter security has forced most organizations to take a data-centric approach to data security. This is not just a smart way to manage and secure unprecedented volumes of data, but also to ensure you remain good stewards of it.