Inverting the Data Security Conversation

The topic of data security is pervasive in nearly all technology conversations of late. Seemingly every other news article you read nowadays is about a data breach. Anthem Healthcare, Home Depot, Sony: the list goes on. The new reality is not “if” an organization will experience a data breach, but “when.” Many data security experts have expressed that the only truly secure data center is the one that is turned off. This sentiment is often echoed when groups of CISOs or CIOs get together.

Last week, I was invited to speak at such a gathering, a CIO Roundtable, on the subject of data security. The event was hosted by one of our valued channel partners, Stalwart Systems, who specializes in IT infrastructure and security. The event took place in scenic Asheville, North Carolina. Against this beautiful backdrop, we talked about the ugly world of data breaches. The attendees represented a broad spectrum of industries including banks, law firms, construction companies, contractors, universities, manufacturers and retailers. No matter which industry they belonged to, they were equally concerned with data security impacts to their organization.

My talk focused on the fact that managing data security (and all data assets) should be rethought. Traditional thinking, focusing only on concepts such as perimeters and policies when it comes to data security could leave you exposed. Organizations need to invert the conversation by starting at the point of data creation. Understanding what is stored in your data is the first step in protecting the data. In panning the room for audience feedback, I observed heads nodding, and questions rolling in, all wanting to know more about how this new concept, data-aware storage, could support their data security requirements. So many questions, that the conversation spilled over into the dinner event later that evening.

I challenged the room to think differently about their expectations of storage, and reset the bar from an unaware, bit bucket to an intelligent, data-aware storage platform that could tell them about their data, and add value to their business. The presentation focused on five key points:

  1. Every business and organization has sensitive and confidential information
  2. External threats are not always thwarted at the perimeter. Data breaches are more often caused by internal, not external threats, as inadvertent exposure of data does happen
  3. The consequences are high if a data breach occurs. Businesses must understand their risks and how to contain them
  4. To fully understand those risks, businesses have to first and foremost understand/identify what data they have that could be susceptible to loss or a data breach
  5. It’s possible for your data to understand and protect itself with data-aware storage

My presentation was immediately followed-up with a background on cyber threats and crimes by no less than an FBI cybercrimes special agent who is on the frontlines of the fight. The agent mentioned a number of interesting points including:

  • Government agencies can assist. Get the FBI involved upfront as a partner in the solution and not just as an authority. Oftentimes, these problems originate offshore, far from anyone’s ability to secure and protect.
  • The FBI is able to link problems across many different companies and industries to show patterns that are not visible to an individual in one company.
  • There is a new method for breaking into data centers invented every single day. For every hacker that is taken off the keyboards, two new ones emerge.
  • Hackers are using the telephone as a first wave of getting information from a company. Cryptolocker is a drop in the proverbial bucket.

The FBI session was very helpful, if not eerie, and all I could think of were Agents Mulder and Scully in the X-Files. A different kind of hacker (but I’m dating myself).

Stalwart’s CTO Jim Guido closed the session with a presentation where he noted the key to addressing cybersecurity threats lay in preparation and awareness of available technology options. All in all, it was a great event on an important topic that weighs on the minds of IT and business executives alike.

Want to learn more and learn how you can improve your ability as the guardian of your data? Download our new eBook to learn more.

John Joseph

John Joseph

President and co-founder of DataGravity, John Joseph leads company’s sales, marketing, operations and customer initiatives. John previously served as vice president of marketing and product management at EqualLogic, leading these functions from the company's initial launch through the successful acquisition by Dell in 2008. He subsequently served as vice president of enterprise solutions, marketing at Dell for three years after the acquisition.