SecureTechWhitePapers

A Buydown for Risk: Why Data Security is a Must

Core and edge security are important, but data security must be the bedrock. Enterprises face a plethora of different types of risk nowadays, including...


A Buydown for Risk: Why Data Security is a Must | HiTechNectar
Published By - hitechnectar

Core and edge security are important, but protecting data itself must be the bedrock.

Enterprises face a plethora of different types of risk nowadays, including business, operational, market, and systemic risks. The advent of the World Wide Web and the evolution of connectivity generally, and e-business in particular, have brought with them an ever-present threat of cyberattacks, and cyber-risk has joined the range of risks to be factored into the cost of doing business.

With cyberattacks now inevitable and data breaches highly likely, it is logical that companies should evaluate their investment in security by their ability to reduce risk. In analyzing investment trends, however, Ovum detects a curious imbalance in the allocation of funds.

Investments in the many forms of end-point and network security, hereafter referred to generically as edge security, continue to grow apace. Identity management technology, which Ovum calls core security, grows more slowly, but is still a well-established, multibillion-dollar business. A third area of activity, namely data security, is by comparison relatively neglected. This white paper will argue that protecting the data itself must be the central pillar of enterprise risk mitigation and the base on which edge and core security should rest.

Ovum view

Enterprises are increasingly aware of the need to protect their systems and users from cyberattack. This is a good thing, as it indicates a growing awareness of security risks, no doubt underpinned by the never-ending stream of headlines about companies, many of them household names, and the major data breaches they have suffered (in recent times, the likes of Facebook, Google+, Equifax, British Airways, Deloitte, DHS, and eBay, to name but a few).

This scenario has, inevitably, pushed many companies to double down on investments in technology to keep threat actors and malicious code out of their environment, as well as to stand guard on data leaving it, in order to block any unauthorized outbound traffic. This focus on edge security is perfectly understandable, as is their continued spend on technologies related to the management of identities, whether those of their employees, business partners, or customers (what Ovum calls core security). There is even talk, as companies increasingly enable their employees to work from anywhere, of the notion that “identity is the new perimeter” in IT security.

This scenario has, inevitably, pushed many companies to double down on investments in technology to keep threat actors and malicious code out of their environment, as well as to stand guard on data leaving it, in order to block any unauthorized outbound traffic. This focus on edge security is perfectly understandable, as is their continued spend on technologies related to the management of identities, whether those of their employees, business partners, or customers (what Ovum calls core security). There is even talk, as companies increasingly enable their employees to work from anywhere, of the notion that “identity is the new perimeter” in IT security.

Both edge and core are eminently deserving of enterprise investment and attention. However, securing the data itself, both via obfuscation techniques and by deploying database security (i.e. database activity monitoring, plus analysis of database log events), is essential to underpin both and, as such, must be front and center of enterprise strategy for managing risk. As threat actors continue to find ways through the corporate edge and to hijack the accounts of legitimate users (particularly those with the greatest access privileges), protecting a company’s sensitive data assets, and ensuring that authorized data activity is appropriate, are the cornerstones of mitigating enterprise risk.

Time and again we see well-built edge defenses breached and bamboozled, and even companies with mature systems for managing privileged access have been duped by account hijacks. Only by investing in the security of the actual data can companies hope to reduce the risks to the business.

Obfuscation renders stolen data useless, while database security enables the detection and blocking of attempts by attackers to access data, even if they are posing as legitimate users.

Key findings

  • Edge and core have higher profiles than data.
  • Both edge and core security have shortcomings.
  • Data security is better at risk mitigation.

You May Also Like to Read:

5 Best Practices For Application Security | A How-To Guide

3 Data Security Threats All Companies Face | Things to Consider in 2019

Add Comment

Click here to post a comment

2 × 4 =

Download the complete Resource:

I would like to receive communications from HiTechNectar and consent to the processing of the personal data provided above in accordance with and as described in the privacy policy.


Translate »
Social media & sharing icons powered by UltimatelySocial