Rules of the road at the intersection of IT and security
After years of terrible accidents at a busy intersection near my home, the town recently installed four-way stop signs. The results have been interesting. After many months, some drivers still fail to notice those signs, and they plow through the intersection at full speed. Others seem paralyzed once they come to a complete stop. It is an endless game of “you go.” “No, no. YOU go.”
There’s lots of beeping. And the accidents have continued.
Why do otherwise smart people become so unhinged at intersections? Maybe because there are threats coming in from all sides (“Watch out for that Subaru!”) or because you have to get the timing just right to know when it’s your turn to hit the gas.
There have been similarly mixed results at the increasingly muddled intersection between IT and security. Who should take the lead in a space where security threats become greater or smaller depending on IT practices? Should the security team or the IT staff assume the role of backseat driver on questions of data protection and ecosystem vulnerability?
Perimeter security is still important, but it’s no longer adequate on its own. In order to secure personally identifiable information (PII) and other sensitive data, organizations need to protect that data where it’s created. For that reason, IT cannot put its engine in park when it comes to security matters.
If we carry this metaphor a step further, the street sign at this intersection might read “Data Awareness.” Data-aware solutions increase protection and eliminate threats – while clarifying IT’s role in securing the enterprise. To stay ahead of threats, IT teams need to ask:
- What data do we have?
- What data should we hold onto?
- What data should we get rid of?
- Where does our sensitive data live?
- Who is authorized to access that data?
- Where should we implement audit trails?
Answering each of those questions can get you much further down the road toward managing and securing storage in a way that is compliant with relevant regulations. Data awareness supports the kind of data visualization that can help detect anomalous user behavior and identify data breaches before they take hold.
As breaches take root deeper inside the life blood of victim companies – at the data level – it’s painfully clear that IT needs to play an active role in protecting sensitive information assets. When they do so, both IT and security teams can travel the same road together, furthering the needs of the companies they serve.
Is your data at risk? Get a free data security assessment to find out.Like This