Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Adopt a data-centric approach to security: Heidi Shey, Forrester

Yogesh Gupta | June 29, 2016
CISOs should evaluate their security maturity and develop a roadmap to reach the next level of maturity says Heidi Shey, Senior Analyst serving Security & Risk Professionals, Forrester.

DLP is an important tool for security and privacy. It is also an evolving technology, and increasingly we find DLP as a feature embedded within other security tools. DLP is not, however, a silver bullet. To be effective, firms have to consider processes for DLP maturity and success.

Your list of Dos and Don'ts for CISOs of Indian companies for 2016?

DO: If you have not already, evaluate your security maturity and develop a roadmap for steps to take to reach the next level of maturity. Consider the types of security metrics that you are collecting and reporting to the business, and how these metrics connect to higher level business goals and initiatives. Assess your firm's security and privacy culture, and attitudes around sensitive data handling and use; identify how you can improve and foster a culture that respects data security and privacy. 

DON'T:  While compliance is necessary and important, do not base your security strategy solely on meeting compliance requirements. You'll miss out on protecting sensitive data that doesn't fall under compliance, and risk reinforcing the notion that security is a cost center rather than business enabler.    

 What new developments are expected next year including the importance of cloud and mobile security by enterprises? 

I believe we'll see more developments around security analytics and machine learning capabilities in security tools. The notion of harnessing security data to protect sensitive data, and gaining greater awareness about data movement as well as context will help to better protect sensitive data.

There are many approaches that organizations can take for mobile and cloud security. At the root of it, focus and bring the controls back to the data (take a data-centric approach to security). Gain visibility, and control the access and the use. The data is what ultimately matters here. 

Source: Computerworld India 


Previous Page  1  2 

Sign up for Computerworld eNewsletters.