INDUSTRY WATCH

What does ‘ proper ’ data security look like ?

AR : A big part of ‘ proper ’ security involves making sure that access to data is exclusive , that everyone has sufficient privileges to do their job and ^{access the data necessary for legitimate}

business purposes . Nothing more , nothing less . I think that ’ s kind of the core fundamental building block that everything revolves around .

DW : I see three components to data security and the engagements that we have . There ’ s the access governance , which is obviously a business of Stealthbits . We typically see classification of data and the Data Loss Prevention ( DLP ) side of it as well . And we see Stealthbits at the front end , because the access to the data , who granted it and who ’ s interacting with it is something that you need to really have visibility and a handle on before you do the second two stages .

SM : Data governance is one of the most important parts . Also , the audit element is very critical for customers . And of course , you must have full control over the platforms .

CE : For me , data security is a process of protecting files , business data or an account on a network , for example , by adopting a set of controls , applications and techniques that will identify the relative importance of these different data sets – their sensitivity and regulatory compliance requirements , and then applying appropriate protections to secure those resources . Proper data security is one that embodies the core elements of data security , which are confidentiality , integrity and availability . Of course , we know confidentiality ensures that data is assessed only by authorised individuals , integrity ensures that the information is reliable as well as accurate , while the last component , which is availability , ensures that data is both available and accessible to satisfy business needs .

What kind of challenges are Stealthbits customers in this region facing right now ?

AR : One thing that we see frequently when we engage with a new organisation is over-provisioned access to data . So the big challenge is when people move within an organisation or leave the organisation , keeping up with the necessary changes to their privileges to the various different resources , be it unstructured data , structured data on-prem in the cloud or collaboration platforms . We tend to find that people have access to data that they don ’ t need and they don ’ t know where to start remediating that problem . So that ’ s usually the first thing we address and we come in and do an assessment with a new organisation . We see all this overprovisioned access and we start giving them a map of how to get it down to an appropriate alignment .

DW : Enterprise and businesses have gone through the accountability and the visibility of what their users are doing with applications within the organisation , but the data side of the business has not really been addressed yet . We only need to read the press to see this is where the attacks are typically happening . When we go and engage with customers , it ’ s almost quite alarming to see the lack of control and the lack of visibility and the lack of understanding these businesses have over their data , and who ’ s got access to it , which is a big concern and something that businesses need to address . www . intelligentcio . com INTELLIGENTCIO

65