Data Security and Privacy

Overview

Data security is the process of protecting your most critical business assets (your data) against unauthorized or unwanted use.

This not only involves deploying the right data security products, but also combining people and processes with the technology you choose to protect data throughout its lifecycle. Enterprise data protection is a team sport.

Best practices for effective data security include taking a risk-based approach to protecting data, using a unified platform that integrates data security information across your entire enterprise and ensuring scalability across environments of any size across public cloud, on-premises and hybrid cloud deployments.

Top Challenges

Explosive data growth

Data is growing at an exponential rate. Keeping up with new data sources across multiple environments creates new complexity at an unprecedented scale.

New privacy regulations

The General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Brazil’s Lei Geral de Proteção de Dados (LGPD) and more.

Operational complexity

Movement to cloud, big data technologies and disparate tools from multiple vendors intensifies complexity.

Cybersecurity skills shortage

Organizations are already dealing with a lack of skilled security professionals, and this gap is only expected to widen over the next several years.

Importance

Data security enables organizations to protect revenue, facilitate digital transformation, comply with regulatory mandates and generate customer loyalty.

Effective data security can be a critical differentiator for today’s digital businesses. Data is at the heart of almost every organization, and keeping it protected while also facilitating effective usage to drive business value is a key success factor.

Business, technology and compliance leaders know this — but so do cybercriminals and malicious insiders. What’s at risk? Personally identifiable information (PII), personal health information (PHI), payment card information (PCI), and intellectual property (IP), spanning data points like Social Security numbers, addresses, phone numbers, banking information, passport data, medical records, insurance information, source code and more.

Industry wise Challenges

Financial services and insurance

Privacy requirements

Financial services and insurance accounted for 19 percent of total cyberattacks in 2018, making it the most targeted industry. Not surprising, given the highly sensitive data types these institutions handle. Customer bank information and payment card data offer financial motivation for external and internal actors to steal or misuse the data. Industry-specific regulations, including PCI-DSS, FINRA, and NY-DFS (23 NYCRR 500) also complicate data protection.

Source: 2019 X-Force Threat Intelligence Index

Transportation

Privacy requirements

Transportation is a critical component of any country’s infrastructure, but if traveler data such as payment information, address or national ID numbers falls into the wrong hands, the results can be disastrous. Heavy reliance on distributed IT infrastructures and third-party vendors expand the attack surface, making it more important for the industry to secure sensitive data.

Retail

Privacy requirements

Retail organizations are among the most highly targeted groups when it comes to data breaches. Opportunities for data theft and exposure abound, with many different access points in the retail data lifecycle. Retail customers and associates access and share sensitive data in physical stores, online, and through mobile applications.

Healthcare

Privacy requirements

Healthcare organizations, which process and store a unique combination of personal health information and payment card data, are subject to strict data privacy regulations such as HIPAA. Healthcare records also have the highest cost per breach record ($408), almost triple the average, making the proper use of data security products critical from both a business and regulatory compliance perspective.

Source: 2019 X-Force Threat Intelligence Index