Growing Your Data Security Ecosystem

Be careful what you ask for... 

The current state of enterprise security has created some interesting challenges for organizations and IT departments. Despite the tight economic climate, with the ever-increasing torrent of data breaches dominating the headlines, many CISOs are suddenly finding themselves with unexpected—and sometimes significant—increases to their budget. 

Which usually, wouldn’t be thought of as a bad thing. But these are different—and challenging—circumstances. Frequently, my peers are finding themselves answering tough questions in front of executive management, or if publicly held, the board. 

“How do we make sure this doesn’t happen to us? What are we doing to protect ourselves? What’s our risk?” 

This is particularly true if the most recent breach is a direct competitor, in the same industry, or has the potential to impact their supply chain or services they use. Case in point, anyone in retail that utilizes POS terminals is spending a significant amount of their time these days reassuring management that their data security posture is solid. 

Investing in your business 

Securing your enterprise IT infrastructure, your extended networks and the valuable information contained within them has never been more important. Enterprise management teams around the world are prioritizing security and spending more money than ever to improve their defenses. And anecdotally, those who I have spoken to in the industry have generally confirmed that their budgets are increasing —in some cases dramatically. 

Now having more money is a great problem to have. But it is not without its own risks. Simply throwing more money at enterprise data security may not work as intended. In fact, it can increase your risk. 

Before adding more tools or services to your portfolio, take a step back. One of the first steps you should take is to understand and optimize what you already have. 

This includes whether or not you have strong data governance policies, solutions and processes. For example, do you have a robust, comprehensive asset management solution? One that covers the basics, like enabling you to quickly and accurately identify and track down end user assets? 

Second, how strong is your enterprise-wide awareness of risk? One place you may need to start is strengthening end-user awareness and training. For example, advanced threats consistently use spear-fishing techniques to gain toe-holds in highly secure networks. Have you educated your employees to look for suspicious emails and think before they open attachments? With the proliferation of cloud-based file-sharing and collaboration tools, have you told your employees about the risks of storing sensitive corporate information on public cloud-based file sharing applications? A little education can go a long way. 

Source:  RICOH USA