Taking a Data First Approach to Optimize Data Protection Controls
In our previous blog, ‘Data Risk Intelligence’ vs. ‘Data Security,’ we discussed the definition and importance of data visibility. We discussed legacy, cyber-focused controls vendors (e.g., Varonis) as well as privacy-focused vendors (e.g., BigID ) that take a tactical approach for securing “some” data as opposed to “all” data. As one of our music media customers recently stated. “It’s the blind spots that gets you. If you don’t know what you don’t know, that’s where you’re going to get caught.” This is exactly what data risk intelligence is all about. NVISIONx uses a strategic, “data first” approach of “knowing” your data before configuring controls to protect them.
Legacy solutions are failing to prevent breaches and reliably protect enterprise data for two primary reasons: 1) their ability to see and inventory all data is limited – in some cases to less than 10% of your data; and 2) they typically lack the business context about what data is critical and why. If you’re dealing with compliance data, the regulations define the data attributes and permissible data sharing rules. However, who can provide the crucial data attributes for non-regulated data such as intellectual property, business strategies and board communications?
For example, these legacy cyber controls leave the CISO on an island. They do nothing to help them understand the answers to questions including: What does all of my non-regulated, critical data look like? Where is it stored? Who should have access to critical data? Who are we sharing critical data with outside the company?
NVISIONx defines data risk intelligence (DRI) as the fusion of business data analytics with cybersecurity information to deliver reliable business insights to:
- Establish a complete inventory of all data
- Contextually classify all data in business terms with owner accountability
- Separate sensitive data from non-sensitive data to optimize data protection controls
- Defensibly dispose of useless data
- Proactively and continuously monitor risk & compliance effectiveness
- Gain greater business transparency to make better informed decisions
What is Data Risk Intelligence?
Source: Gartner
ID: 465140
Data Risk Intelligence (DRI)
For the longest time, we were delivering these innovative capabilities to our customers, while also intriguing the markets, but we didn’t know what to call it and we had no referenceable framework about what we do and how it works. Then, after engaging with Gartner, Inc., they shared their view of “data security governance” and it finally gave us the clarity and definition of what makes NVISIONx so unique. One of Gartner’s leading, global cybersecurity analyst shared, “You may be the first… I have not found any other vendor that does this yet…” We decided to modify the name to DRI as it may infer that the CISO alone should lead this initiative which would likely perpetuate the problem and sustain the status quo. In any regard, this simple, but powerful framework is at the heat of how to finally better protect data in a true risk-based approach.
Once the CISO better teams with business professionals who know their portion of the data, data breaches and security incidents start to diminish. This at the heart of our “data first” methodology which delivers a data risk-driven path to protecting what matters most rather than a hyper-focus of just compliance data. More importantly, it brings new life to existing data protection controls such as Data Loss Prevention (network, email and endpoint), Cloud Access Security Brokers (CASB), Privilege Access Management, Insider Threat, Data Rights Management (DRM), and Vulnerability Management. Most of these controls actually work, but if the cyber team is forced to configure these controls without teaming with the business, it often results in voluminous false alarms, broken business transactions and continued breaches.
How We’re Different
DRI is about knowing all of your data in both business context as well as in terms of cyber risk and compliance. Removing the blinders and knowing your data more completely will empower you to make better decisions to enhance your broad data protection capabilities to Protect the Jewels! This is what we do at NVISIONx and we’d love to show you how.