Interviews

The many layers of data protection

by Mark Rowe

Bart Koek, Field Chief Technology Officer of EMEA and APJ for Immuta, a data security platform, discusses the rise of data security to mitigate cyber security threats.

It feels as though every week we hear of yet another company or organisation impacted by the continuous and aggressive rise in cyber security attacks. In the last year alone, 39 per cent of businesses experienced a data breach in their cloud environment, a figure that has increased by four percentage points since last year.

However, despite the threat level that cyber-attacks pose, there is a worrying lack of cybersecurity preparedness in the age of evolving cyber security threats, made only more complex by the capabilities of generative AI. It has been reported that less than half of the sensitive data in organisations’ cloud environments is encrypted. On top of this, only 45 per cent of sensitive data stored in the cloud is currently encrypted despite the increase in the amount of sensitive data being stored in the cloud, according to Thales’s latest report.

There is a clear call for data to be sufficiently protected and handled with care, especially in an increasingly digital world. However, security teams around the world are still lacking when it comes to anticipating the potential impact of data processing activities, providing the right access at the right time and controlling usage in real time. Data security needs to become a priority.

Data security versus cyber security

There is a big difference between data security and cybersecurity, although many assume the differences are minimal. Cybersecurity encompasses the general protection of digital assets, which includes data, whereas data security is much more specific. It refers only to the protection of sensitive or confidential information from unauthorised access, use, disclosure, or destruction.

Just like cybersecurity, data security can also be achieved through a variety of methods including, but not limited to:

  • Access control measures including authorisation and authentication.
  • Implementing security policies that restrict sensitive information depending on the sensitivity of information and the user’s need-to-know.
  • Physical security measures such as locks or encryption.
  • Business continuity planning (BCP) in case an incident occurs that causes loss or damage to your organisation’s systems.

Cybercrime is on the rise, with many cybercriminals making a livelihood out of attacks. Due to the exponential growth of data being generated, stored and shared by both individuals and organisations, the opportunity for criminals and therefore the risk of a data breach has never been more prominent.

Organisations are not sitting back; they are taking a stand and implementing new data security techniques to combat the threat. Unfortunately, this alone is still not enough.

Data security is no easy feat, and comes with its own set of unique, regulatory challenges that further differentiate it from cyber security. Data security encompasses the protection of data throughout its entire lifecycle – unlike cybersecurity which generally focuses on securing systems from unauthorised access alone. As a result, data infrastructure and technology investments are likely to prioritise solutions that include data classification, data access control, sensitive data discovery and uninterrupted data monitoring and detection.

Because it is a much broader remit, data security requires more of a unified and holistic approach. This is one of the biggest challenges that many organisations face when implementing data security measures. Data teams and security teams, due to either having opposing motivations or varying goals, fail to communicate with each other on data security effectively.

This often results in data being siloed across different platforms, adding complications into the management and access of data. These complications blur the lines of accountability when it comes to the data being secure. On top of this, if data sources are copied and stored in team or department-specific silos, or fragmented across a data ecosystem, it becomes very hard to control this information, making securing it much harder. The most common reason for this is often the two teams disagreeing on the trade-off between data utility and security.

The management of data access needs to be consistent throughout the whole data stack, which is only achievable when data policies are universally applied throughout a business.

Marrying up with data regulations

Organisations also have data privacy regulations to comply with, on top of ensuring a unified data security approach. GDPR is becoming increasingly important and is heavily enforced by the organisations responsible, with GDPR fines in the EU in the first half of 2023 having already reached €1.5 billion. To adhere to these regulations, organisations must anticipate the potential impact of data processing activities, provide the right access at the right time and control usage of data in real time.

But there are ways for data access controls both to protect data and to ensure that data access complies with data regulations. These approaches guarantee that authorised individuals have access to relevant data, while simultaneously monitoring data usage in real time and implementing appropriate protective measures. Once these comprehensive and inherently compliant methods are established, data access is expedited.

Data as foundation of company culture

Data is the fuel that informs strategic decisions and, ultimately, drives growth. Data production and storage are continuing to increase at an exponential rate, and it is therefore critical that businesses embrace and instil a data-driven approach within their organisation.

But as data continues to grow and form the foundations of business, with organisations depending on it for operations, it is vital that the risk of a data breach is minimised. To achieve this, data security must be at the core of all operations, by monitoring and adapting access, to ensure a secure, scalable data mesh architecture.

About Bart Koek

Bart has a varied career in data that spans from enhancing and analyzing race car performance before, during and after races for the Scuderia Toro Rosso F1 Team, to being the technical director of the Nuon Solar Team, where he stretched the limits of race car speeds and distances purely by solar energy. In recent years, Bart has worked for a number of Data Science platform providers, supporting customers on using data in the cloud. He attended Delft University of Technology in the Netherlands, where he earned a Bachelor’s Degree in Mechanical Engineering and a Master of Science in Systems and Control. Bart joined Immuta in 2021 and has been working with some of the largest brands in Europe to support their data security and access control objectives.


© 2024 Professional Security Magazine. All rights reserved.
