A data-centric security strategy, aided by artificial intelligence techniques, will help CIOs keep up with constantly evolving threats.
Organizations have spent considerable amounts of time, effort, and money to implement the proper security systems and protocols – but most IT professionals still worry about data security.
Part of the challenge is being able to accurately and quickly monitor how secure your data is. In my experiences, most organizations generally keep their sensitive data secure but don’t regularly monitor or audit the data, due to the costs and time commitment they need for analyzing access patterns and ensuring there have been no intrusions. In many organizations, IT professionals would be unable to provide a clear location of all sensitive data throughout their organization.
In a Ponemon report titled “The State of Data Centric Security”, 57% of survey respondents said their biggest security concern is not knowing where their sensitive data lives. Most IT professionals (79% of respondents) said this uncertainty is a significant security risk.
Data has been – and will continue to be – a large part of most organizations’ digital transformation strategy. That said, this data is also creating new vulnerabilities without the property security systems and process in place. Graeme Thompson, CIO of Informatica, underscores this point well in a recent blog post:
“Just as businesses have evolved toward the cloud, they’re also evolving toward enterprise-wide data access,” Thompson writes. “We recognize the valuable insights and innovations to be gleaned from trading siloed departmental data warehouses for the comprehensive enterprise data lake. Tearing down those silos can cost us a layer of security around specific data sets, but curling up in an information panic room is not the way forward.”
The Role of Machine Learning in Security
Last year, I was speaking with the CISO for a large enterprise organization. The conversation was around how much time they’ve been spending on thinking about and securing their IT systems and their data. This CISO has done a very good job of implementing master data management systems and processes to ensure their data is safe, accurate, and available. Though he has done an admirable job, he worries that he doesn’t have the manpower or budget to feel comfortable that the organization’s data is as secure as it can be.
With the growing amounts of structured and unstructured data in most organizations, some of the older IT security approaches may not work as well as they once did. My suggestion to this CISO was to spend some time investigating the use of AI-based machine learning approaches to data security. Implementing machine learning in security systems can not only free up team members to focus on other things but – more importantly – these systems can monitor threats and issues at a scale that humans just can’t replicate.
In addition, machine learning systems can help IT professionals better locate and manage their sensitive data, recommend remediation efforts and actions, and gain a better understanding of who is accessing and using data across the organization.
The CISO I spoke with is currently trialing an approach that uses machine learning security monitoring system for both his IT systems and his various data stores. Even though this system has only been in place for less a few months, he’s already begun to see efficiency improvements for security monitoring across the enterprise.
Like many other areas within the modern organization, machine learning is changing how companies approach data security with new levels of automation and intelligence. Machine learning isn’t a panacea for security, but it is a very good tool to have in your security tool box.
For more on how transformational CIOs are improving their organizations’ security intelligence, visit https://www.informatica.com/CIO.