I found great advice in a Gartner report, covering enterprise and cloud, analyzed solutions for Data Protection and Data Access Governance and the title of the report is "Market Guide for DataCentric Audit and Protection.
The report is recommending encryption, tokenization and masking and concluded that "Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act."
We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.
I read an interesting report from the Aberdeen Group. The report revealed that data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users.
I think that the Aberdeen approach can quickly address some of the urgent issues. The name of the study is Tokenization Gets Traction.
I agree that "Hackers are becoming more sophisticated at stealing and criminally exploiting data." The latest published Data Breach Investigations Report from Verizon reported that most breaches were detected by external parties with whom the victim has no business relationship specific to detection services. Only 13% of breaches where detected by internal means. There is a lack of effective means of detecting a breach internally.
This tells me that we need to proactively secure sensitive data itself and not rely on monitoring systems to catch an attacker.
According to a survey by Ponemon, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security.
Ponemon concluded that âThis is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.â
This tells me that we need to secure sensitive data itself and not rely on network security.
2 Readers' Comments
I found great advice in a Gartner report, covering enterprise and cloud, analyzed solutions for Data Protection and Data Access Governance and the title of the report is "Market Guide for DataCentric Audit and Protection.
The report is recommending encryption, tokenization and masking and concluded that "Organizations that have not developed data-centric security policies to coordinate management processes and security controls across data silos need to act."
We are seeing a number of common issues across recent data breaches, stealing our most sensitive data, and I think it is time to re-think our security approach and be more data-centric.
I read an interesting report from the Aberdeen Group. The report revealed that data tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure than tokenization non-users.
I think that the Aberdeen approach can quickly address some of the urgent issues. The name of the study is Tokenization Gets Traction.
Ulf Mattsson, CTO Protegrity
I agree that "Hackers are becoming more sophisticated at stealing and criminally exploiting data." The latest published Data Breach Investigations Report from Verizon reported that most breaches were detected by external parties with whom the victim has no business relationship specific to detection services. Only 13% of breaches where detected by internal means. There is a lack of effective means of detecting a breach internally.
This tells me that we need to proactively secure sensitive data itself and not rely on monitoring systems to catch an attacker.
According to a survey by Ponemon, database security was recommended by 49% of respondents, but the study found that organizations continue to allocate the bulk of their budget (40%) to network security and only 19% to database security.
Ponemon concluded that âThis is often because organizations have traditionally spent money on network security and so it is earmarked in the budget and requires no further justification.â
This tells me that we need to secure sensitive data itself and not rely on network security.
Ulf Mattsson, CTO Protegrity