5 things organizations do that make data more vulnerable
Given the growing complexity of security issues that organizations are facing today, there will likely never be a time when security is easy. However, many organizations are making it harder on themselves. Here’s how:
1. Failure to manage and establish role- and policy-based access controls through the lifecycle of data integration.
Organizations may have access controls in place for individual applications or services, but if these controls aren’t integrated throughout the data integration lifecycle, they run the risk of opening big holes. The ability to provide meaningful governance is greatly reduced, and lifecycle management metadata is difficult to surface, track and maintain.
2. Handing over the keys to the kingdom.
Much of the money spent on cyber security is to prevent hackers from getting past perimeter, network, end-point, and application security. However, little is being done to protect the data beneath these. This, of course, could give the hacker the keys to the kingdom when it comes to database information.
You need to make sure that your databases also support role-, policy- and attribute-based access controls. And, frequently, it’s not enough to do this at the table or document level. You need the ability to apply access control at the field or data-element level. This is particularly the case when you’re materializing high-value business information as entities in healthcare, financial services and government environments.
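The gap between document-level and element-level control described above, as an added example (not from the original article or any particular database product): a default-deny filter that applies a role check and an optional attribute check to each field. The policy table, field names, roles and sample record are all constructed for illustration.

```python
# Constructed policy: field path -> roles allowed to read it, plus an optional
# attribute predicate (ABAC) evaluated against the requesting user and record.
POLICY = {
    "dept":              {"roles": {"clinician", "billing", "analyst"}},
    "visit_cost":        {"roles": {"billing", "analyst"}},
    "patient.name":      {"roles": {"clinician", "billing"}},
    "patient.ssn":       {"roles": {"billing"}},
    "patient.diagnosis": {"roles": {"clinician"},
                          "attr": lambda user, doc: user["dept"] == doc["dept"]},
}


def field_allowed(path, user, doc):
    """Return True only if a rule exists and both role and attribute checks pass."""
    rule = POLICY.get(path)
    if rule is None:                       # default deny: unlisted fields stay hidden
        return False
    if not (rule["roles"] & set(user["roles"])):
        return False
    attr = rule.get("attr")
    return attr is None or attr(user, doc)


def filter_document(doc, user, _node=None, _prefix=""):
    """Return a copy of doc containing only the fields this user may read."""
    node = doc if _node is None else _node
    out = {}
    for key, value in node.items():
        path = f"{_prefix}{key}"
        if isinstance(value, dict):
            child = filter_document(doc, user, value, path + ".")
            if child:                      # drop sub-documents with nothing visible
                out[key] = child
        elif field_allowed(path, user, doc):
            out[key] = value
    return out


# Constructed sample record and users.
RECORD = {
    "dept": "cardiology",
    "visit_cost": 1840.0,
    "patient": {"name": "Sample Patient", "ssn": "000-00-0000",
                "diagnosis": "constructed value", "internal_note": "unlisted field"},
}
CLINICIAN = {"roles": ["clinician"], "dept": "cardiology"}
OTHER_CLINICIAN = {"roles": ["clinician"], "dept": "oncology"}
ANALYST = {"roles": ["analyst"], "dept": "finance"}
```

All three users could pass a document-level check on the same record, yet each receives a different projection of it, and a field added later without a policy entry is withheld rather than exposed.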
3. Securing systems but not data.
Everyone is concerned about breaches. It’s logical to do everything possible to track and prevent attempts to gain entry to networks, servers and applications. However, we are starting to reach diminishing returns on solutions designed to thwart access to enterprise systems. Most organizations are implementing SSL, TLS, HTTPS and PKI. All of this covers data in motion, but companies also need to consider data at rest by implementing technology such as advanced encryption. We can no longer create ecologies where there’s a hard shell and an exposed middle.
4. Misalignment of database technology with business goals.
One of the biggest challenges companies face today is aligning IT with business goals, especially since there may not have been a close collaboration between business and technology pros in the past. The result? Many companies have multiple bespoke and COTS systems accumulated over time. In these “silos of excellence,” different systems are sitting on different databases, with a culture characterized by multiple communities of interest, variable data sources and changing user requirements driven by real-time business conditions.
With this misalignment of database technology and business goals comes a misalignment of security needs and security controls. Leaders across the company need to come together for a frank—and ongoing—discussion about data security requirements and priorities.
5. Burdening application developers with data security.
Most organizations have an application-centric view on security, which puts undue burden on developers. But what if we looked at the problem through the lens of data management? In the context of an enterprise that has adopted a DevOps methodology, where there can be 100-plus releases a year, moving some of the data-centric security tasks from software engineers to the database can greatly increase productivity while creating a much more resilient and secure environment.
The data-centric approach may not be a cure for all common and egregious security threats, but it can greatly simplify protection and limit the paths that would-be adversaries can take.