A shift to prioritize data security investments through a Data Security Governance Framework (DSGF) was among the top seven security and risk management trends identified by global research & advisory firm Gartner in 2019.
Breaking it down, the report observed that the changing paradigm of security meant that enterprises were required to identify other frameworks for protecting data. The first step involves the understanding of the data generated by asking questions such as:
- Why was this data created?
- When was it created?
- How will it be used?
- Is this data compliant with the regulations my business needs to adhere to?
- Can the original owner of the data make a request to get it deleted?
A framework for better data security
By answering these questions, enterprises can create a Data Security Governance Framework (DSGF) to better utilize and protect data. The research recommends this approach over acquiring data protection products and trying to adapt to them to suit a business need. A Data Security Governance Framework (DSGF) provides a blueprint that is organization-centric which classifies data assets and provides the bedrock for data security policies.
In this framework, there is no one-size-fits-all solution. Every enterprise approaches data security on a case-by-case basis, trying to understand their unique data security requirements in the hopes of finding unique solutions.
The need for better alignment
The framework helps to provide a balance between the business need to maximize competitive advantage and the need to apply appropriate security policy rules. Adopting this framework will require greater collaboration within an enterprise’s Information Security Team regarding aligning approaches for data classification and lifecycle management. This involves classifying data according to unique requirements – which dataset is the most important and requires maximum security?
Different businesses use different methods for protecting data –
A method through which data at rest or in motion is masked which protects it but also ensures that it is usable. It helps organizations raise their level of security for sensitive data while conforming to privacy regulations and other compliances.
Data Audit and Protection
This method uses active data control, monitoring and logging to check and detect suspicious activities.
Unusual behaviour and anomalies are detected and flagged and acted upon instantly by stopping suspicious users from accessing critical data and flagging network administrators about this behaviour. Data is separated from users as per their roles.
DSGF can be a useful tool for enterprises to plan their data security investments and allocations. The framework helps an enterprise understand their own requirements clearly and helps enterprises to make better decisions on investment purposes. Some of the key details that DSGF can help in are in:
- Volume, veracity and variety details of each type of dataset
- Business risks and financial impacts of each dataset
- Data residency issues affecting each dataset, specifically as there are different data privacy laws for different geographies and jurisdictions
- Asset management data
- Consistent access and usage policies for different datasets
Rather than using technology to solve their data security issues, enterprises must ideally use the Data Security Governance Framework (DSGF) to understand and identify their own business requirements. Once the identification is conducted and a framework is created, it would then be prudent to identify the appropriate technology solution for an enterprise’s own data needs.
However, if you want expert consultation on your current framework, please contact us and we will be glad to advise you.