What are you protecting? It should be an easy question, but it’s not. In fact, it’s almost impossible unless you have to have a clear understanding of how data is created, how it’s used, who owns the data stores, and what the effects are on the data when you apply different controls. To take a truly data-centric approach to securing it, you cannot be married to the technology, but instead you need to be married to the understanding of the data.
How is that even accomplished? I think the best way to go about identifying what data to protect is by defining a very targeted scope centered around the data and not around the technology. The importance of this approach is compounded when tackling the data protection component of a broader digital transformation initiative.
Digital transformation started with lift and shift of the infrastructure and computing to a cloud service provider (i.e. Amazon, Microsoft, Google, IBM), and suddenly organizations were in a new position – a shared responsibility model. Now organizations have a hybrid environment of cloud and on-prem, with on-prem protection tools and mindset. Amidst this digital transformation, throw in a pandemic and we are seeing the fastest move to the cloud ever, as well as an exponential growth of data.
So, I return to my original statement. In this world of exponential data growth sprinkled throughout the prem and cloud, how do organizations know what to protect? Organizations should consider working with a partner to help them secure their data during the digital transformation journey. How is data created, how is it used, who owns the data stores, and what are the effects on the data when you apply different controls?
For example, customers approach us with the following requirement: “I want to implement the latest and greatest SASE solution to protect my cloud environment.”
It would be easy for us to implement, configure, and hand them the keys, but is that really the best long-term solution for our customer? No.
The question should really be: “We need to protect our data. It is moving into XYZ environments, we are cloud first and are amid digital transformation at every level. How can you help?”
A good partner should reaffirm a data-first approach to protecting it. Start with an assessment to understand how the data is created, how it is used, what controls are in place today, and how they can be optimized with existing technology. Maybe the organization ultimately does need new tech, but that should be an outcome of the assessment…not a driver.