Security continues to be a top concern keeping IT leaders up at night. With good reason – the impact of enterprise security breaches can include remediation costs, reputation damage and reduced customer confidence.
What can leaders do to protect their data without sacrificing business agility? In August 2017, IBM commissioned Forrester to conduct a survey of IT and security decision makers to explore how organizations are implementing enterprise security to protect their data.
The Forrester study revealed that 46 percent of the organizational representatives surveyed encrypt little to none of their data, with only 12 percent encrypting all their data.
It also highlighted a wide range of security issues, including, a need to operationalize security to secure the new data perimeter, a focus on protecting data but a lower level of actual encryption, and a desire for a “zero trust” approach to security, restricting access to those who need it.
- Operationalizing Security
According to Forrester, operationalizing security is about “taking specific steps to identify malicious actions and respond to them in order to fix the issue.”
One of the biggest enterprise security issues today is the explosion in data, with much of that data being located beyond the previous security perimeter.
70 percent of people surveyed said they stored critical data in the cloud – so cloud service providers need to protect client data from other clients sharing the same cloud.
- Encrypting data
85 percent of those surveyed currently encrypt their data based on a data classification scheme. Having to decide which data to encrypt exposes the remaining unencrypted data to attack.
The simple answer is to encrypt all data – an approach called pervasive encryption. But doing this in software can impact service level agreements (SLAs) because of the performance overhead. Pervasive encryption becomes practical when it is done in hardware with special cryptographic co-processors.
Encryption keys also need to be protected in order to properly safeguard data. Holding encryption keys in the clear speeds processing, but opens up other possible attack vectors.
- Zero Trust
66 percent of those surveyed said that they subscribe to a zero trust approach to security.
Typical approaches include implementing access control mechanisms and enforcing role-based access – and these have proved valuable in protecting systems from many threats.
However, this still leaves system administrators with widespread access to data and applications, and they have often been the culprit (either intentionally or accidentally) in recent insider attacks.
If any of these issues are plaguing your IT department or keeping you up at night, you have options. Depending on your specific business needs and your existing environment, you can find peace-of-mind through a number of available solutions, so check with your trusted technology partner to get started on a plan that can help ensure your organization’s assets are safe, and you sleep at night. #LetsGetToWork
 Operationalize Security To Secure Your Data Perimeter, a September 2017 commissioned study conducted by Forrester Consulting on behalf of IBM.