perimeter security

Is data security possible without data integrity?

Data security is going through a fundamental shift. The change hasn’t been abrupt, but an end won’t be in sight until the way most companies approach security pivots once and for all. For example, many organizations still equate data security with perimeter-based protection and encryption. While both are key ingredients in building a secure environment, alone, neither can claim that it reduces security risks at a holistic level.

Recently, Steve Adegbite, chief information security officer at E-Trade Financial, discussed the role of data integrity in today’s security industry with Mike Mimoso, Threatpost editor-in-chief. As Adegbite explained, aiming for data integrity often involves expanding the traditional security conversation to consider daily business processes, third-party interactions and specific practices within industries.

For example, financial services data moves at a high velocity and is frequently handled by partner organizations. If a company internally encrypts its data and protects its perimeter, those layers of protection strip away as soon as data transfers to a third party. IT and security pros within the financial space need to work quickly, securely and in an innovative manner to keep business running.

To protect confidential data, regardless of its location, Adegbite’s team focuses on maintaining data integrity. Using solutions that render data inert if it crosses into the wrong hands, the team can stop transfers and uphold the environment’s overall security. However, in order for data integrity to resonate with a wider audience, companies need to find out exactly what’s in their data – and use that insight to protect confidential information.

As Mimoso and Adegbite point out, the concept of a perimeter surrounding data doesn’t hold up in today’s IT landscape, and encryption isn’t the end-all solution to data security. In financial services and many other industries, every action most companies take is driven by their data. Meanwhile, the security industry has evolved to focus primarily on keeping attackers out of closed environments. To innovate and evolve in the security space, companies need to shift their focus back to data itself. Only with data-aware levels of visibility can data stores become their own defense.

Read how one team updated its security approach for the modern threat landscape with data-aware storage.

1 Like
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.