It’s that time of year, publications and social are flooded with numerous articles on 2017 security predictions, trends and priorities. Publications such as eWeek, SC Magazine and Dark Reading have predictions ranging from the obvious to the obscure. I find these articles interesting and entertaining; but I would love to see score cards year-to-year on who, got what right!
So under that light, I will take a slightly different angle on 2017 prognostication. My domain is data security and will focus on what could help data security in 2017. Instead of predicting what may or may not happen, let’s suggest what organizations may consider as key performance indicators (KPIs) of their data security efforts. My suggested KPIs reflect current challenges, upcoming legislative requirements and recommendations to help organizations protect their legacy and their transformative Cloud and Big Data initiatives.
So here we go: Here are three KPIs that could help most organizations create a more secure, breach resilient and lower data risk data infrastructure:
- Sensitive Data Location and Risk: This may seem obvious that organizations should have a current and accurate inventory of sensitive data. However, in a 2016 study conducted by Ponemon Institute, Scale Ventures and Informatica, only 12% of organizations said they knew where all the sensitive data existed across the enterprise. So Data Security KPI 1 for 2017 is understanding where sensitive data exists, continuously, to improve the prioritization and effectiveness of security programs and investments.
- GDPR Data Risk: This may be the year for GDPR; with May 2018 getting closer and closer, many organizations are underway for compliance, but much more is need to understand gaps. So Data Security KPI 2, access GDPR risk with relevant factors that will help you prioritize GDPR efforts and actions. Risk factors would include location, protection, cost, user access and activity, data movement and data volume. The risk scoring would be tuned to organizational GDPR policies; the key is automation of the data-risk scoring process for a continuous and accurate view of your GDPR risk scores.
- Detect and Protect: To help improve breach resistance and recovery, organizations should strive to automate the detection of high-risk data access or movement and the orchestration of remediation. So KPI 3 for 2017 is to create foundational capabilities in the automation of ‘Detect and Protect’ for sensitive data. While related to KPIs 1 and 2, Detect and Protect differs in that it defines an overall strategy and the tactics that could help organizations automate data security. Key is to obtain or develop a solution automates key capabilities and leverages current security infrastructure:
- Confirm what you know about their sensitive data: Global visibility of sensitive data with data classification, discovery, proliferation analysis, user access, and activity correlation and visualization for management and practitioners.
- Monitor risk on a continuous basis: Track sensitive data risk and remediation with risk scoring based on multiple factors that identify top risk areas based on organizational requirements.
- Uncover the unexpected: Detect suspicious or unauthorized data access by continuously correlating, base-lining, detecting, and alerting on high-risk conditions and potential anomalous behaviors that threaten sensitive data.
- Remediate risk: Orchestrate data security controls to protect data at rest, prevent unauthorized access, and de-identify/anonymize sensitive data.
Where to Learn More
- Informatica's CTO, Bill Burns will be discussing 'Advancing Information Risk Practices' and 'Cloud Security Assessments: You’re Doing It Wrong!' at RSA 2017 in San Francisco.
- Along with that, Informatica will be showcasing its 2017 Data Security solutions.
- Informatica's Data Security solutions have been named as finalists in several categories for the annual ISPG Security Awards.