Yesterday’s security measures powerless against today’s threats

Former Symantec CIO Mark Egan explains how to stay ahead of increasingly dramatic breaches with an enterprise data security strategy.

“The hardest part about data security isn’t selecting the right technology but training your people.”

—Mark Egan, partner at “CIO for hire” consulting firm StrataFusion and former Symantec CIO

The age-old practice of sealing a system’s perimeter, then adding layer upon layer of security, is no longer a viable approach to data security. Many enterprise data security breaches aren’t reported. But when they are, it’s clear the sheer scale, speed, and sophistication of the attacks seem to be growing.

“We’ve gone from annoying viruses like ILOVEYOU to nefarious malware that steals credit cards and intellectual property,” says Mark Egan, a partner at “CIO for hire” consulting firm StrataFusion and a former Symantec CIO. “Attacks today are so much more sophisticated.”

Building a moat or fortress around enterprise systems worked when attacks consisted of subject line email attachments. However, Egan warns that phishing scams and other social engineering techniques have raised the stakes, forcing IT leaders to rethink data security.

“These days, you have to protect your data and your information, not just your enterprise,” he says. “It’s a much more data-specific approach than what we had in the past.”

Egan, who authored The Executive Guide to Information Security, offers three strategies for keeping hackers at bay and sensitive data secure.

  1. Factor in the human. Savvy CIOs take a holistic approach to data security that encompasses people, processes, and technology. “The hardest part about data security isn’t selecting the right technology but training your people,” Egan says. For example, he points to the time a hacker infiltrated a major computer and network security firm by tricking an employee of the company into opening a phishing email. In an era in which even one of the world’s top computer-security companies isn’t safe, Egan warns, “you need to make sure your employees are trained.”
  2. Plan ahead. Planning ahead is critical to properly safeguarding data. For most people, that means ensuring security incident response and disaster recovery processes and business resumption programs are in place. This ensures that systems get up and running quickly in the event of a breach. 
    But Egan argues that it’s more important for companies to take time to determine when their systems are most vulnerable. For example, a financial institution that conducts 20 percent of its business in the second quarter of the year should take extra precautions around this time.
  3. Beware of regulations. The loss of confidential data isn’t the only thing that’s at risk if a security breach occurs. Consumer, financial, and health information is governed by a variety of industry and governmental data privacy regulations. An organization that fails to protect certain sensitive information risks facing hefty financial and legal penalties. Companies also risk a loss of consumer and market confidence.
    To optimize compliance with global regulations, Egan recommends that IT leaders familiarize themselves with the details of government regulations and global requirements. “If you’re in a regulated environment, you have to know and be attuned to data privacy laws,” he says.

As security threats become increasingly sophisticated, IT leaders are facing an interesting challenge: how to rethink their approach to security. Luckily, by training employees, planning ahead, and gaining a deeper understanding of government regulations, IT leaders stand a better chance of outsmarting hackers.

See the “Gartner Magic Quadrant 2013 for Data Masking Technology” report for more on data security.
