Data Protection 2.0: It's Not Just Names and Numbers Anymore

CISOs and their security programs are facing nearly overwhelming pressure to take a renewed focus on data protection. The external forces of advanced threats and a multitude of compliance obligations, combined with the internal forces of new business initiatives, lead to a complex set of data protection requirements. These requirements are then overlaid on a virtual explosion in data volumes and variety of locations where data may reside. And if that's not enough, the scope of data to be protected includes not only customer data, but internal data and system data as well. To be more specific...

• Adaptive, targeted malware, advanced, persistent threats and a growing body of compliance obligations mandate a focus on data protection.
• The drive toward increased data sharing with partners and customers erodes the notion of a perimeter, in parallel with strong economic incentives for moving data and processing into the "cloud."
• The IDC 2010 Digital Universe Study predicts that from 2009 to 2020 the amount of data in the "Digital Universe" will grow by a factor of 44 times to 35 trillion gigabytes.
• The 2010 Verizon Data Breach Investigations Report noted that criminals are increasingly focused on system data in two forms; 1) exploiting configuration weaknesses rather than software vulnerabilities in order to steal information from computer systems and, 2) tampering with or deleting logs to hamper detection and investigations.

This paper provides an overview of the many data protection challenges CISOs are facing and suggests a sequence of five actions for addressing these challenges.