Why CyberSecurity Budget Should Focus On Data-Centric Security

Data will continue to increase in value

Today, digital-first approach adopted by major organizations has elevated “Data” as the new king. This is the mantra that drives the tech industry. While data has become the single most important valuable commodity in the industry, the proliferation of the same poses a new challenge for organizations – how to protect the data from cybercriminals? There are two types of data that cybercriminals are interested in:

  • Data that identifies customers or potential customers categorized as Personal Identifiable Information.
  • Data that describes processes, source code for a competitive product, company acquisition information or any data that is described as Intellectual Property.


Data is foundation to business and technology growth

Data is changing the way we work, live and play. Thanks to cloud applications, social applications, and IoT devices our personal data is easier than ever to collect and correlate with business applications melding our personal life with work life. Digital transformation over the last few years has also provided more credence to data by spurting a wave of cloud adoption. Organizations have an increasing amount of data that is inevitably increasing the need to store them in larger repositories. This alone is creating a new industry by driving the need for new technology such as big data analytics with machine learning and artificial intelligence to make sense of the data.


Data is driving cloud adoption

Data is not the most important driver of cloud adoption; it is the only driver of cloud adoption. For businesses and consumers alike, creating, sharing, and using information is the foundation of messaging, SaaS, and IaaS, creation and adoption.


Data is a leading motivation driving cyber-criminal activity

The biggest exploits in the industry impacting businesses and consumer are data breaches. The value of data to cybercriminals such as nation states, organized criminals, activist hackers, or general bad actors, is increasing every year and so are the exploits.

Check our recent blog on the list of notable exploits in the last few weeks.


The shift to Data-Centric or Information-Centric Security

The threat protection world is growing with a new breed of threat technology ranging from Endpoint Detection and Response (EDR), Isolation technology to simply segregate users from potential threat, layered approaches for on-premises security driving new security frameworks and architecture aimed at solving cloud security such as Gartner Secure Access service Edge and Forester Zero Trust Framework.  Most organizations have a blind spot to data and therefore investment sparingly in data security.

Many cloud providers such as Microsoft, Google, and Amazon are increasing their investments in security, while maintaining a ‘shared responsibility model’. These investments are not designed to solve an organization’s end-to-end security infrastructure, rather to provide options. Some organizations that do have a more complete model, such as Microsoft Office 365 provide an advanced AIP solution for threat and data protection, however they are sorely overpriced and limited in functionality.

The challenge of data protection in cloud applications and services such as messaging, SaaS and IaaS is best addressed by a centralized security solution that protects applications and services from a single source. This is why Cloud Access Security Broker (CASB) vendors such as CipherCloud, are continuing to invest and expand security controls such as access to cloud (Messaging, SaaS, IaaS). CASB also empowers organizations to maintain control of their security posture and provide them with the freedom to shift cloud subscription and services without the impact to security.


Data responsibility is shifting to the organization that collects, handles, and stores the data

 What is most surprising is the lack of focus most organizations have on their data-security posture and little to no visibility of where their sensitive data resides, how it’s being shared, and who is accessing the data. This is not purely negligence as much as it is an issue of investment and resources. Data protection, unlike threat protection, requires programmatic approach starting with educations, re-valuating the need to collect data, implementing a process to handle data, and technology to identify and secure the data.

With the increasing heavy-handed government regulation protecting personal data, the need to secure data is going to drive a data-centric security approach. With regulations such as GDPR, CCPA, HIPPA and PCI to name a few, turning a blind eye to data security and cloud security is no longer financially viable. The impact of a breach in terms of negative financial impact, brand reputation, and consumer confidence will far outweigh the cost of implementing a data-centric security model.

According to Gartner, “Through 2025, 90% of the organizations that fail to control public cloud use will inappropriately share sensitive data”. The time is now to act on data security.


About CipherCloud

CipherCloud introduced the first CASB solution to the market in 2011 and continues to reshape the cloud security market. CipherCloud’s recognized data protection expertise forms the foundation for the industry’s only zero-trust CASB solution, providing seamless zero-trust security across all clouds with unified policies, trusted data protection, and automated compliance for the cloud-mobile era.

The post Why CyberSecurity Budget Should Focus On Data-Centric Security appeared first on CipherCloud.

*** This is a Security Bloggers Network syndicated blog from CipherCloud authored by CipherCloud. Read the original post at: