This article was originally featured on the IBM Security Intelligence blog. To read the original article in its entirety, click HERE.
There is a lot of talk about ‘modern’ data security. Organizations want a data security strategy that aligns with a digitally transformative vision. But what do modernization and vision actually refer to? And what do modern data security solutions really require?
Here are four essential requirements for “modern” data security that provide the basis for a program that can help to stop a breach:
1) Data Security Solutions Must Integrate to Innovate
First, modern data security solutions must be inclusive of other tools. Gartner outlines a key challenge in a report: “… increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and have siloed coverage of data stores and security functionality.”
What this illustrates is the importance of a unified approach and the importance of data security as a part of an overall security program.
Today, 53% of organizations report they are at a tool ‘tipping point,’ wherein tool sprawl has begun to adversely affect their security efforts. Often, this has as much to do with the tools not being able to integrate well with one another as it does with the sheer number of tools installed.
Many data security solutions serve to encourage this trend toward niche use, tactical installation and lack of interoperability. Today’s needs are quickly reshaping this landscape. By adding tools ranging from ticketing platforms to identity and access management to SIEM, organizations can centralize data security in an effort to boost cross-security teamwork.
The process of changing the structure of a security stack brings its own headaches and costs, too. So, this integrated approach helps to ensure that you derive new value from existing investments made into tactical tools, rather than throwing them in the IT trash heap.
2) Designs on the Future of Data Security Solutions
With integration taken care of, firmly set your sights on the modern data security solution itself: Is it designed in such a way that it truly addresses the pains of the user? Often, legacy data security vendors have relied on their clients to code their own reports or integrations. The clients also need to learn new programming languages and processes to accomplish simple tasks. While this certainly helps users customize a given platform, it also drains resources. Note that 70% of respondents to a recent survey believe their organization has been impacted by the growing cybersecurity skills gap.
The way to combat this trend is simply to do less. That does not mean cutting down on what your data security solutions can do, but it does mean relying on the principles of enterprise design thinking. Design with the client’s needs in mind. You should make integration as simple as an application programming interface (API) call. Make custom reporting a series of dropdowns and click-and-drag workflows that take seconds. Lastly, adopt a low-code or no-code approach.
This sounds like common sense. Of course, you want to give people the tools to code their own solution. However, that time could be spent on driving better data security outcomes instead. Don’t delay at the starting line learning new programming languages.
3) End-to-End Solutions
A modern solution that integrates well and is easy to use must still stand on its own to deliver end-to-end data security. It needs to address the spectrum of needs from encryption to incident response. Data encryption and access policy enforcement, vulnerability assessment, centralized data discovery and data activity monitoring, and threat intelligence and incident response are key in the modern hybrid multicloud environment.
Often, vendors deliver pieces of this puzzle, expecting clients to put it all together. This harkens back to the earlier point about the tactical deployment of solutions rather than doing it on a programmatic scale. There is tokenization without encryption or vice versa. Vulnerability assessment comes with a basic list of steps that can be taken to squash bugs. However, these lists often lack detail, and workflows may not be in place right away.
You need data security solutions that are automated and granular, both in the steps to repairs and also in the detection of the risks and threats in the first place. Advanced analytics are key in effective data security, as they allow admins to understand, triage and analyze the risks in real-time. From there, they can automatically generate tickets or reports to notify stakeholders, or take direct action.
4) Keep the Database Security Fight Flexible
Lastly, good modern data security solutions need to be flexible to match the hybrid cloud. Defense goes hand-in-hand with integration and data monitoring, data protection and data threat response workflow. So, the last frontier is flexibility. By extension it’s also scaling, as the two go hand-in-hand. Deploy cloud-native tools that can grow as your enterprise does.
One feature of leading data security solutions that helps is to deploy containerized solutions that embed directly within a cloud. While new, containers are seeing massive adoption in the enterprise.
This growth is not a surprise. It speaks to the heart of data defense. A containerized application can run in any major database-as-a-service or on-premises bare-metal server without requiring adjustments to the code. This means it can be flexible, able to be deployed exactly where it’s needed. This, in turn, means you can monitor for and analyze risks faster and quickly scale as that data estate expands.
Choice is the key. This isn’t a vendor assuming the needs of the client. This is modern data security solutions adapting to where and how they must be installed. Both containerized deployment and also myriad other emerging features and functions, such as various monitoring types, illustrate this. These can range from agentless for lightweight compliance reporting to agent-based for near real-time, ongoing insight into mission-critical data sources.