Data Security And Privacy Are Critical Business Imperatives In The Data Economy
Hardly a week goes by without headlines about a breach of customer data. Less frequent, but just as alarming, are the publicly reported examples and allegations of intellectual property theft. Data security and privacy — and by extension, brand reputation — are front and center today and will quickly become a business differentiator for tomorrow.The question remains: How will organizations respond?
IBM commissioned Forrester Consulting to evaluate data security decision-making by security buyers and influencers, and what it means to engage in proactive data security and privacy efforts in order to address threats today and in the future. This study began in May 2014 and was completed in June 2014. Forrester developed a hypothesis that tested the assertion that enterprises today have many more stakeholders involved in data control, data governance, security, and privacy. However, despite this involvement, organizations approach data security in a very reactive fashion and often do not have a clear understanding about the value of their data.
In conducting surveys with 200 security decision-makers in the US, UK, and Germany, and having five in-depth follow-up phone interviews for additional context, Forrester found that while these companies’ data security efforts are primarily driven by compliance and tactical in nature, security teams have the attention of executives who are increasingly aware of and concerned about data security. These security decision-makers also place a high priority on helping securely enable big data and data quality initiatives — both of which have implications for revenue growth and customer experience.
Forrester’s study yielded five key findings:
- Data security efforts are policy- and compliancedriven. Compliance is necessary, and policies are an important part of data security. However, organizations that drive data security efforts based on policy and compliance put the business at risk by neglecting to take a more holistic and proactive approach to data security strategy. Remember: Compliance does not equal security.
- Firms do not understand what is sensitive data. What is sensitive data to the organization? And does the entire organization share a common understanding of what constitutes sensitive data? In order to protect data, we must first understand (or know) our data.
- Proactive data security goes beyond technology implementation. Technology is only one part of the equation. People and processes matter. Data privacy and security are conjoined concepts that require coordination between people and processes to successfully address these concerns.
- Many firms struggle with data security and are not mature in measuring the success of data security initiatives. The transition from network and devicecentric security to data-centric security is new to most enterprises. There is a significant cultural shift that must take place in order for organizations to mature their data security practices.
- For better or worse, breaches are an organizational catalyst. As a direct result of a data breach, 45% of firms implemented new security controls and policies, and 42% said that security and privacy have become bigger topics of discussion. However, 35% also indicated that the breach caused a lot of disruption in the organization, with 18% of companies laying off employees as a direct result of a breach.
Download the whitepaper at: http://newenterprisetechnologies.org/proactivedatasecurity/