Chris J Powell

Making the Move to Data Driven Security

A forward thinking colleague at work @jamccloskey enlightened me to a growing trend in IT Security that will likely have very long lasting repercussions on nearly every aspect of IT.  The growth and literal explosion of the size and structure of Data has made it increasingly the target of hackers and criminals alike and the rise of mobility has made the requirements of securing that data even more difficult.  The move to a world where it is the Data not the Device that is protected is fast approaching.

In working with James last week during a project that had us look to the future of Mobile Device Management we looked to the interesting moves that are starting to take shape in that space that puts the protection of the Data far higher on the wants and needs list than securing and wiping devices.  This had me start to think about all the repercussions of what this new paradigm would bring…and off to searching I went.

I located a very interesting White Paper produced by EMA (Enterprise Management Associates) back in April 2011 titled “Data-Driven Security: The Time is Now“.  In reading through the details of this report I started to get a new respect for the work that CISOs and Security Specialist go through.  The challenge is not just security the Data but also managing the Risk and the Risk tolerance of the business or organization they support.

In staying on the theme of EMA I also found that Scott Crawford has become very vocal about this new shift in Data Security and has built several blog series and has taken on a great deal of research on the topic.

In the world of Big Data, Business Analytics and Business Intelligence, we often think of Data Quality being the most important aspect towards the success of the project itself but as we as companies, countries and individuals start relying more and more on the decision support of advanced analytics…does security of that data not trump the quality?

Everything about Data Driven Security seems to stem from 3 key components: the Data Source, the Tactics and the Strategy.  Depending on if the data is internal or external…the Strategy and the Tactics to secure it may vary.  This also becomes even more vital as more and more mobile  devices request to access data either through Cloud Based Applications or direct from the source.  If we look at securing the data both at the Network Level and at the Application Level this alters how we authenticate and supply the context behind the content that is driving the need and desire of business leaders in a world of Bid Data.

There is a coming change to IT and business in general.  Risk Management needs to take a broader stance in the decision making process.  Understanding what tolerance to risk is acceptable but then also communicating that back to all Lines of Business will help to ensure that there is the right balance between Security and Agility to meet the ever changing business needs.

To all the CISO’s and Security Specialists out there…this one is for you.  Your job is never easy, it is often thankless but the countless customer records, buying habits and other private data that you protect and keep secure is important to each and everyone of us so keep fighting the good fight.


Chris J Powell

3 thoughts on “Making the Move to Data Driven Security

  1. Hey Chris,

    I feel this is an important paradigm. Our case-comp team under the leadership of ITRG Research Analyst Jessica Ireland drove a data-centric approach to Cloud Security, Mobile Security, and Consumer App Security when scoping upcoming Info-Tech research. Expect to see this content in 2013!


Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.