Menu
Data Security: Whose Job Is It Really?

Data Security: Whose Job Is It Really?

Forrester believes CISOs must revisit the need to centrally control data security.

Forrester has a recommendation for CISOs struggling with how to secure corporate data:

Stop trying so hard.

Despite years of investments in technology and processes, protecting enterprise-wide data remains a maddeningly elusive goal for chief information security officers (CISOs). Software-as-a-service (SaaS), Web 2.0 technologies, and consumerized hardware increase the number of escape routes for sensitive information. Regulations, statutes, and contractual expectations drown CISOs in audit requests and ratchet up the pressure to do something about the problem. Hordes of vendors confuse CISOs with innumerable sales pitches.

Instead of beating your head against the wall, devolve responsibility to the business, keeping controls closest to the people who use the data. IT security should be primarily responsible only for deploying data protection technologies that require minimal or no customization.

Data-Centric Security Is More Important Than Ever--But Harder To Achieve

Today's regulatory climate forces IT security to comply with statutes such as Sarbanes-Oxley and HIPAA, industry-imposed security standards such as the PCI Data Security Standard (DSS), and an unending barrage of audit requests from key customers, banks, and auditors. From Boeing to Petrobras to The TJX Companies, daily newspaper headlines grimly announce the latest toxic data spills, causing increased customer scrutiny.

The pressure on IT security to secure enterprise data in all its forms has reached its breaking point. According to Forrester's Enterprise And SMB Security Survey, North America And Europe, Q3 2008, a huge majority of IT professionals--85 percent--worry about the loss of intellectual property. But IT security staffs are stretched thin and are increasingly challenged to solve an essentially unbounded problem. Organizations today face:

-- Massively increased conduits for information flow. Fifteen years ago, the most common Internet connection was the T1. Today, it is the OC-12--two orders of magnitude more bandwidth. Increasingly, mainstream technologies like virtualization are redrawing the lines between operating systems and the hardware they run on. And the adoption of non-owned IT assets continues apace. The confluence of outsourcing, SaaS, and unmanaged consumer gadgets ensures that IT security's grip on information has never been more tenuous.

-- Consumerization of IT moves data beyond the reach of the CISO. The increased use of Web 2.0 technologies such as blogs, social networking, and consumer-grade instant messaging increases the speed with which information moves outside of the enterprise. [Editor's note: See also Facebook, Twitter, LinkedIn: Security Pros Warm to Web 2.0.] Worse, the pace of change of consumer gear tempts employees to ditch stodgy corporate hardware and bring their own gear to work--creating even more data worries.

-- Too many vendor point products. In considering solutions for securing data, enterprise CISOs are confronted with the tyranny of choice. Lost a laptop lately? Full-disk encryption will fix that. Employees promiscuously passing around payment card records? A dab of data loss prevention (DLP) will surely do the trick. The surfeit of solutions to narrowly defined technical problems ensures that the wish list only gets longer.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags data securityforrester

Featured

Slideshows

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintains Showcase 2018 momentum in Wellington

Ingram Micro maintained Showcase 2018 momentum in Wellington, hosting more than 40 vendors at TSB Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro maintains Showcase 2018 momentum in Wellington
Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro launches Showcase 2018 in Christchurch

Ingram Micro kickstarted Showcase 2018 in Christchurch, hosting more than 40 vendors at Horncastle Arena. Under the banner of Leading the Way, the event demonstrated what’s new, what’s next and how it can be used to improve business and everyday life.

Ingram Micro launches Showcase 2018 in Christchurch
Data breach notification laws in NZ: How can partners prepare?

Data breach notification laws in NZ: How can partners prepare?

This exclusive Reseller News Roundtable outlined the responsibilities facing security partners today, assessing risk while evaluating the role of the vendor in providing added layers of protection.

Data breach notification laws in NZ: How can partners prepare?
Show Comments