Is data security the new cybersecurity?
October 2023 by Mark Semenenko, Director Solutions Architecture at Immuta
Despite the continuous and aggressive rise in cybersecurity attacks, it has been reported that less than half of the sensitive data in organizations’ cloud environments is encrypted: just 45% of sensitive data stored in the cloud is currently encrypted, despite the increase in the amount of sensitive data being stored there. Thales’s latest report reveals some worrying stats about the lack of cybersecurity preparedness in the age of evolving cybersecurity threats, made only more complex by the capabilities of generative AI. It’s clear that data must be both sufficiently protected and handled with care, but security teams around the world are still lacking when it comes to anticipating the potential impact of data processing activities, providing the right access at the right time and controlling usage in real time.
While many assume data security and cybersecurity have minimal differences, this is not the case. Cybersecurity does encompass the general protection of digital assets, which does include data. However, data security is much more specific. It refers only to the protection of sensitive or confidential information from unauthorized access, use, disclosure, or destruction.
Just like cybersecurity, data security can also be achieved through a variety of methods including, but not limited to:
Access control measures including authorisation and authentication.
Implementing security policies that restrict access to sensitive information depending on its sensitivity and the user’s need to know.
Physical security measures such as locks or encryption.
Business continuity planning (BCP) in case an incident occurs that causes loss or damage to your organization’s systems.
With the increasing professionalisation of cybercrime and the exponential growth of data being generated, stored and shared by both individuals and organizations, the risk of a data breach has never been higher. And despite organisations developing and implementing new data security techniques to counter this threat, the risk is still as high as ever.
The complexities of protecting data
Data security is not without its own set of unique practical and regulatory challenges that further differentiate it from cybersecurity.
Data security encompasses the protection of data throughout its entire lifecycle – unlike cybersecurity which generally focuses on securing systems from unauthorised access alone. As a result, data infrastructure and technology investments are likely to prioritise solutions that include data classification, data access control, sensitive data discovery and uninterrupted data monitoring and detection.
This much broader remit requires a more unified and holistic approach from businesses looking to protect their data, but this is not as common as it is necessary. Data teams and security teams, whether because of opposing motivations or varying goals, fail to communicate effectively with each other on data security.
This often results in data being locked down and siloed across different platforms, making the management and access of data more difficult whilst also blurring the lines of accountability when it comes to the data being secure. On top of this, if data sources are copied and stored in team or department-specific silos, or fragmented across a data ecosystem, it becomes very hard to control this information and much harder to secure it. The most common reason for this is the two teams disagreeing on the trade-off between data utility and security.
The management of data access needs to be consistent throughout the whole data stack, which is only achievable when data policies are universally applied throughout a business.
On top of ensuring a unified approach to data security, organisations also have data privacy regulations to comply with. GDPR is becoming increasingly important and is heavily enforced by the organisations responsible, with GDPR fines in the EU in the first half of 2023 having already reached €1.5 billion. To adhere to these regulations, organisations must anticipate the potential impact of data processing activities, provide the right access at the right time and control usage of data in real time.
But there are ways for data access controls both to protect data and to ensure that data access complies with data regulations. These approaches guarantee that authorized individuals have access to relevant data, while simultaneously monitoring data usage in real time and implementing appropriate protective measures. Once these comprehensive and inherently compliant methods are established, data access is expedited.
Building a company culture built upon data
With more data being produced and stored than ever before at an increasing rate, it’s crucial for businesses to embrace and integrate a data-driven approach to their culture if they plan to use data to inform strategic decisions and drive growth.
As businesses become more dependent on data as the foundation of their operations, it’s fundamental that they reduce any risks to their data by ensuring data security is at the core of how they operate. To do this, they will need to monitor and adapt who has the right to access important data, ensure collaboration between data and security teams and implement a secure, scalable data mesh architecture.