Coordinate Data Security With Business Requirements

To ensure adequate security and data governance, involve the business in planning data rules and requirements.

Within the world of data security exists a singular truth: Not all data is created equal. However, companies have a habit of treating all data in the same way. This means that the most sensitive data is being protected at the same level as the least sensitive data.

“You’re never truly going to have perfect security,” says Brian Reed, research director at Gartner, speaking at the Gartner Security & Risk Management Summit. Companies need to balance security options with the needs of the business.

The increase in cross-platform usage means data is more spread out in the enterprise. The challenge for IT is when its security practices don’t consult the rest of the business and acknowledge who needs access to specific data and why.

In fact, 11% of business units have no involvement in setting information security policy.

“As counterintuitive as it may sound, data security needs to become a business enabler, support business agility, and support new digital business processes that are not sustainable without it. And for that, data security needs to be business goal driven and led,” says Reed.

IT should establish the business requirements for data and use that prioritization to address data security governance. This will create a system that works for the entire enterprise.

Consult the drivers

Mr. Reed shared an example of when, in 1967, Sweden changed from driving on the left to driving on the right side of the road. Road signs were confusing, no one directed the process, and the result was a disastrous day of driving because the system lacked governance. The government had established rules based on what they needed, but hadn’t consulted the drivers.

Similarly, when IT departments create data rules without consulting business stakeholders, the result can be as confusing as a country full of drivers playing by their own rules. For example, data security governance fails when data is tagged or classified inconsistently, automated processes are inconsistent, and users misinterpret the differences between confidential and highly confidential data.

Secure data in a business-oriented manner

As data storage evolves, data security must examine how data moves throughout the enterprise to prevent loss and leakage. The goal should be to “create an ecosystem of data” without leaking sensitive information, which means securing data at the point of creation, as opposed to the more traditional approach of securing how the information is being sent.

Essentially, companies should focus less on creating secure pipelines and more on using smart information that knows where it is supposed to be, advised Mr. Reed. This will allow the right person to access the right data to enable desired business outcomes.

Read the Special Report: Cybersecurity at the Speed of Digital Business, by Brian Reed, et al.
