Data is a critical business asset. But it’s not enough to simply store it. To unlock value, it must be easy to share across teams, and potentially with third parties. Unfortunately, many organizations assume the concepts of information security and data sharing are mutually exclusive. With a data-centric security approach, they don’t need to be.
The benefits of data sharing
Back in 2021, Gartner predicted that by 2023, “organizations that promote data sharing will outperform their peers on most business value metrics.” It argued that a traditional “don’t share unless” mindset is hurting businesses, and that they should instead view data sharing as a necessity to accelerate digital transformation. Data analytics in particular is a vital tool for spotting patterns in historical data, unlocking predictive insight, and helping to drive better decision making.
More broadly, data sharing ensures the right information is made available to the right people at the right time—to enhance collaboration and knowledge exchange. This, in turn, is the path not just to operational efficiency but better decision making and innovation-fueled growth.
Understanding the risks
However, IT security and compliance leaders will point out that data sharing is often at odds with the principles of data protection and privacy. Organizations must take their responsibilities in this area extremely seriously, or else risk falling foul of regulations like PCI DSS (for cardholder data), or the EU GDPR or CCPA in the US (for personally identifiable information). A serious breach incident could cost millions of dollars in investigation, remediation, legal charges, lost business and more.
A breach can happen more easily than many might suspect. For example, many cloud storage applications enable collaboration and data sharing via a URL. The risk is that these links could in theory be forwarded to unauthorized users, stolen, or even guessed by hackers. In many apps it is impossible to subsequently revoke access for individual URL recipients, which can create more risk.
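The sketch below is an added example, not code from this article or from any product it mentions. It shows one way a sharing service can address the URL risks just described: each recipient gets a separate unguessable token that expires, can be revoked individually, and is logged on every use. The class name `ShareLinks`, its methods, and the sample addresses are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class ShareLinks:
    """Per-recipient share tokens for one stored document (in-memory sketch)."""

    def __init__(self):
        self._grants = {}   # sha256(token) -> grant record
        self.audit = []     # (timestamp, event, recipient) tuples

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked grant table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, recipient, ttl_seconds, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 random bits from the OS CSPRNG
        self._grants[self._digest(token)] = {
            "recipient": recipient, "expires": now + ttl_seconds, "revoked": False}
        self.audit.append((now, "issued", recipient))
        return token   # embed in the URL sent to this recipient only

    def revoke(self, recipient, now=None):
        # Cuts off one recipient without touching anyone else's link.
        now = time.time() if now is None else now
        for grant in self._grants.values():
            if grant["recipient"] == recipient:
                grant["revoked"] = True
        self.audit.append((now, "revoked", recipient))

    def check(self, token, now=None):
        now = time.time() if now is None else now
        grant = self._grants.get(self._digest(token))
        if grant is None:
            self.audit.append((now, "denied-unknown", None))   # guessed or mistyped
            return False
        if grant["revoked"] or now >= grant["expires"]:
            self.audit.append((now, "denied-inactive", grant["recipient"]))
            return False
        self.audit.append((now, "granted", grant["recipient"]))
        return True
```

A forwarded link still works for whoever holds it until it expires or is revoked, but the audit trail attributes every use to the recipient it was issued to, so a leak can be traced and that one link withdrawn.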
In another scenario, data shared externally or across enterprise teams may end up in an environment with fewer security controls. That may expose it to the risk of theft or manipulation by a bad actor capable of exploiting poor password policies, application vulnerabilities, or misconfigured systems. These risks have arguably increased since the pandemic, as hybrid working grows in popularity. Home workers may be logging on with under-patched and under-protected personal laptops, and from poorly secured home networks, for example. Evidence also suggests that remote workers are three times more likely to click on a phishing link.
Finally, consider the risks associated with simple human error: data that is shared accidentally with the wrong recipients. Three-quarters (74%) of all breaches assessed by Verizon for its 2023 Data Breach Investigations Report involved the “human element.”
The power of data-centric security
This is why more and more organizations are turning to data-centric security—to empower their employees to extract maximum value from the information they hold, without exposing the company to unnecessary extra risk. As the name implies, data-centric security is primarily focused on protecting the data itself, so that even if it is exposed to unauthorized individuals it will be rendered useless.
We can identify three key pillars to such a strategy:
- Granular access controls, to ensure only authorized individuals can access specific data
- Tokenization and anonymization applied to data, to enable secure sharing and its use in analytics without exposing sensitive information
- Continuous auditing and monitoring to detect unauthorized activities, inside the enterprise and in third-party organizations
Data-centric security can reduce breach and compliance risks and, in so doing, supports business growth by enabling secure data sharing.