Companies need a data-centred security policy to cope with big data
Big data is all the rage at the moment but when it comes to security it shouldn't be treated in isolation from the rest of the organization.
According to a new report from research specialists Gartner, policies need to take account of all forms of data if security problems are to be avoided.
"Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems and unstructured file shares", says Brian Lowans, principal research analyst at Gartner. "However, the advent of big data and cloud storage environments is transforming the way in which data is stored, accessed and processed, and CISOs need to develop a data-centric security approach. Unfortunately this is not common practice today, and its planning is critical to avoid uncoordinated data security policies and management".
Gartner recommends that CISOs need to collaborate with trusted team members across the organization to develop and manage their enterprise data security policy. This needs to define data residency requirements, stakeholder responsibilities, business needs, risk appetite, data process needs and security controls.
Access to public cloud services complicates things further with a growing need to monitor and audit data access. Most current security solutions don't offer the data-centric audit and protection (DCAP) approach needed to work in the same way across all data silos.
"First, CISOs need to evaluate current implementations of DCAP solutions against data security policies that address database, unstructured, cloud storage and big data silos", says Lowans. "Second, they need to identify gaps in the current implementation of their data security policies and review the risks with business stakeholders against potential DCAP solutions".
This will need stakeholders to take on ownership of the data in many cases and work with security teams to ensure that it's properly protected. Which in turn may mean putting in place new management structures to ensure accountability.
Gartner subscribers can access the full report and the security outlook will be discussed further at a series of Security and Risk Management summits to be held at various venues around the world later this year.