3 Reasons information security shouldn’t be an afterthought
As you assemble, manage or expand the IT infrastructure in an organization, there are a lot of moving parts to consider and decisions to make throughout the IT stack. During the process of selecting storage, compute, networking and your cloud approach, data security may not seem like a primary concern – but it should be. Too many companies make the mistake of either delaying information security conversations until the first time their data seems to be in danger, or completely segmenting the security conversation from core infrastructure decisions.
Today’s IT and security pros are tired of security being an afterthought, and as a result, the tides are beginning to turn. As evidenced by the agenda at the upcoming 2015 Information Security Summit (ISS) in Westlake, Ohio, more professionals across industries are sharing tips and strategies to invert the data security conversation and build its themes into the core of their infrastructure. My colleagues, including DataGravity Systems Engineer Gabe Maentz, will be heading to Ohio on Oct. 29 to participate in the sessions at the event and talk to other attendees about their efforts to streamline security and data management. We’re interested to hear how different experiences result in different takeaways. Before we leave for the show, below are three themes we’ve noticed in our customers’ work to build security into their storage and infrastructure, and reasons to take action about the process.
Common problem No. 1: Teams wait until it’s too late to fully consider security.
Some teams don’t think about a holistic strategy to manage security risks until they experience data theft. This is akin to waiting until the horse has left the stable to think about closing the door. Others view security as a segmented one-size-fits-all component that can be bolted on to any infrastructure. But with the complexities of today’s IT stack and the increasing sophistication of hackers, the reality is that security needs to considered, tailored, and implemented across your IT infrastructure – not just at the endpoints.
Common problem No. 2: Unstructured data isn’t part of the conversation.
Although many data breach stories focus on hackers gaining access to a customer database, protecting your structured information from an outside attack is just one part of an information security strategy. According to the Ponemon Institute, more than 70 percent of data breaches begin within your organization. At the same time, unstructured data represents 80 percent or more of your information assets, and it often hides valuable – and risky – information. If you’re suffering from unstructured data sprawl and your team is struggling to sort through your stored information, you’re already at risk of an employee mishandling data and causing a serious exposure. In your security plans, account for factors like human error, data management tactics and the entire data lifecycle.
Common problem No. 3: Different industries are treated as if they were created equal.
The agenda at ISS is packed with professional viewpoints and strategic conversations. Some of the sessions we’re most looking forward to will dive into the specifics of security for industries like healthcare, finance and government. Organizations in these verticals need to guarantee strict data security while upholding industry-specific compliance regulations, and it’s always valuable to learn more about how teams are taking on the challenges of each space.
In any industry, the effects of a security breach aren’t confined to the team that directly suffers the incident – the company is responsible for any partner, customer and employee data that becomes exposed – and companies in highly regulated industries often take this responsibility one step further.
Catch Gabe Maentz’s ISS session, “What’s in your data? How new storage architectures reduce security risks,” to learn more about infusing storage with security.1 Like