Implement A Proactive Strategy For Data Security

Data Security And Privacy Are Critical Business Imperatives In The Data Economy

Hardly a week goes by without headlines about a breach of customer data. Less frequent, but just as alarming, are the publicly reported examples and allegations of intellectual property theft. Data security and privacy — and by extension, brand reputation — are front and center today and will quickly become a business differentiator for tomorrow.The question remains: How will organizations respond?

IBM commissioned Forrester Consulting to evaluate data security decision-making by security buyers and influencers, and what it means to engage in proactive data security and privacy efforts in order to address threats today and in the future. This study began in May 2014 and was completed in June 2014. Forrester developed a hypothesis that tested the assertion that enterprises today have many more stakeholders involved in data control, data governance, security, and privacy. However, despite this involvement, organizations approach data security in a very reactive fashion and often do not have a clear understanding about the value of their data.

In conducting surveys with 200 security decision-makers in the US, UK, and Germany, and having five in-depth follow-up phone interviews for additional context, Forrester found that while these companies’ data security efforts are primarily driven by compliance and tactical in nature, security teams have the attention of executives who are increasingly aware of and concerned about data security. These security decision-makers also place a high priority on helping securely enable big data and data quality initiatives — both of which have implications for revenue growth and customer experience.


Forrester’s study yielded five key findings:

  • Data security efforts are policy- and compliancedriven. Compliance is necessary, and policies are an important part of data security. However, organizations that drive data security efforts based on policy and compliance put the business at risk by neglecting to take a more holistic and proactive approach to data security strategy. Remember: Compliance does not equal security.
  • Firms do not understand what is sensitive data. What is sensitive data to the organization? And does the entire organization share a common understanding of what constitutes sensitive data? In order to protect data, we must first understand (or know) our data.
  • Proactive data security goes beyond technology implementation. Technology is only one part of the equation. People and processes matter. Data privacy and security are conjoined concepts that require coordination between people and processes to successfully address these concerns.
  • Many firms struggle with data security and are not mature in measuring the success of data security initiatives. The transition from network and devicecentric security to data-centric security is new to most enterprises. There is a significant cultural shift that must take place in order for organizations to mature their data security practices.
  • For better or worse, breaches are an organizational catalyst. As a direct result of a data breach, 45% of firms implemented new security controls and policies, and 42% said that security and privacy have become bigger topics of discussion. However, 35% also indicated that the breach caused a lot of disruption in the organization, with 18% of companies laying off employees as a direct result of a breach.

Download the whitepaper at:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.