CyBrilliance - Technology Category
Data security governance
Data now freely crosses the prior conceived thresholds that limit business potential. It floats about in the cloud, spreads between business units, and flows everywhere.
But for all the change and opportunity that data represents, once it’s created or collected, it is under threat of operational erroattack and misuse.
Data is your foe
With the exposure of personal data at industrial scale, the growth of data privacy legislation was inevitable.
Companies and government agencies collecting and handling personally identifiable information (PII) must now comply with Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA) requirements in the United States, the General Data Protection Regulation (GDPR) in Europe, and many international and local follow-on laws like Protection of Personal Information Act (POPI Act) in South Africa, Kissel Verileri Korma Kurumu (KVKK) in Turkey, and the California Consumer Privacy Act (CCPA).
A lack of explicit data security governance, expose data to breaches that carry explicit costs.
The 2022 IBM/Ponemon Institute Cost of a Data Breach Study found that:
- The average data breach cost increased 2.6% from $4.24 million (2021) to $4.35 million (2022), rising 12.6% $3.86 million in 2020.
- Ransomware breaches took 49 days longer (326 days) than average to identify and contain.
- 45% of breaches occurred in the cloud. Public cloud were the costliest at an average $5.02 million, whereas private cloud breaches cost an average $4.24 million and hybrid cloud 27.7% lower than public cloud at $3.80 million. However, analysis of the research also shows that organizations still need a mature cloud security posture, regardless of cloud model.
EVOLVING TO DATA SECURITY GOVERNANCE
Data security needs to be better deployed to mitigate the business risks identified through fit-for-purpose assessments, such as a data protection impact assessment (DPIA), data risk assessment (DRA) or a financial data risk assessment (FinDRA)¹ .
Adopting a DSG framework requires organizations to ensure that DRA and privacy impact assessments (PIA) are planned and managed throughout the data life cycle to establish and continuously support and develop DSG policies.
DSG part of your cyber security toolset?
DSG adoption should always be implemented with the flexibility to integrate with existing cyber security and cyber resilience toolsets. Security and risk management leaders should adopt a [data security platform (DSP)] strategic approach (as part of DSG) to capitalize on their data and share it securely using consolidated platforms.
Adopting a Data Security Platform strategic approach will protect your data using a “need to share” approach, rather than the traditional “need to know” approach¹. The latter approach is synonymous with a conventional Data Loss Prevention (DLP) approach.
Data Security Platform
DSP enables organizations to ensure their business can stay agile, use and share its data to drive business growth, and maintain data security. Organizations must break the mould of the past and avoid being disrupted by siloed data security controls that were not designed to support these new requirements.
To attain a “need to share” approach with a DSP, can be achieved in combination with adopting real-life examples of Zero Trust¹. The tenets of Zero Trust and DSP are aligned:
Want to know more about Data Security Governance?
We are always happy to talk
As one of our focus areas, our team can inform you how Data Security Governance can assist with your cyber resilience strategy.
