Across the globe, companies are tapping the power of data analytics to drive agility and growth. They’re creating new business models, unleashing innovative products and services, and deriving new insights to help target customers more effectively and streamline business processes. In order to do so, many are turning to data warehouse and analytics platforms like Snowflake, Amazon Redshift and Google BigQuery.
But in order to manage the resulting security and compliance risks without limiting business impact, organizations should consider a more focused approach to cybersecurity. That means protecting the asset that matters most: the data itself.
This data is in high demand, whether it’s monetized in ransom attacks or sold on underground markets to the highest bidder. Reported breaches in the US hit a record high last year, up 68% on 2020 figures. The financial and reputational fallout of such breaches can be significant, especially in the context of rigorous privacy regulations coming into force around the world. Regulators are increasingly prepared to levy major fines for companies they see failing on data protection. Over $1bn in monetary penalties was issued under the GDPR last year, seven times more than in 2020. And perhaps just as damaging to long-term growth is when digital transformation projects including data analytics are put on hold because of security and compliance concerns.
Organizations sometimes compound these challenges across their analytics, security, and compliance teams. Cloud migration projects may be started without a full data audit and classification process, creating security coverage gaps. Project owners may try to manage everything in-house where resources and expertise are in short supply. And even when security teams are involved from the start, many mistakenly apply traditional controls to cloud environments, and place too much trust in cloud providers’ in-built protections. AD/LDAP integration, role-based access controls (RBACs), and traditional database encryption for data at rest are not always sufficient to mitigate risk.
Compliance teams might exacerbate these problems by mandating project owners anonymize or mask their data or not use sensitive data at all. That might make it easier to achieve compliance, but will deprive the organization of the invaluable insights which analytics could deliver.
Needless to say, such approaches are neither sustainable nor future proof. They may significantly limit the scope of projects, perhaps even stonewalling them altogether. And on the other hand, tick-box security reliant on legacy tooling and processes could perpetuate coverage gaps and drive up the risk of data exposure and non-compliance. Competitive advantage will ultimately be diminished.
The good news is that there is a better way—if organizations focus less on securing the IT infrastructure surrounding their data and more on the data itself. Cloud technology will inevitably advance and as it does, new solutions will need to be adopted to keep pace or else organizations run the risk of exposing data to new risk. This is difficult to sustain both financially and from a skills perspective, given the IT security industry is facing massive manpower shortages of over 2.7 million workers globally.
To avoid this dilemma, organizations should follow a data-centric security approach designed to keep data safe throughout its lifecycle—wherever it flows and no matter how complex the environment surrounding it is. This will deliver multiple business benefits. Organizations will be able to:
Cloud-based data analytics could be a fast-track to competitive advantage. But only if you get security and compliance right first.