Data is the lifeblood of any organization today, so it should be easy to understand that the security of that data is just as important as (if not more important than) the data itself. It seems that data security (or rather the lack thereof) has been in the news regularly over the last few years. The inability of organizations to secure their data has caused millions (if not billions) of dollars in damages from lost revenue in addition to the loss of trust. A machine learning approach will never fully replace a human in the security chain, but it can help IT professionals monitor IT system and data security as well as monitor who accesses and uses data (and how) throughout the organization.
Throughout the many different IT departments I’ve talked with over the years, I haven’t met any IT professional in an enterprise organization who wasn’t interested in ensuring enterprise security is intact. Organizations have spent a considerable amount of time, effort and money to implement the proper security systems and protocols but most IT professionals are still worried about data security.
That said, only a small percentage of these same security-conscious people have systems or processes in place that accurately and quickly monitor how secure their data is. In my experience, sensitive data in most organizations is generally secure but isn’t regularly monitored or audited due to the costs and time commitment needed for analyzing access patterns and ensuring there have been no intrusions. In fact, in many organizations, IT professionals would be unable to provide a clear location of sensitive data throughout their organization.
In a Ponemon report titled ‘The State of Data Centric Security’, 57% of survey respondents report that their biggest security risk is that they don’t understand where their sensitive data lives. According to that same report, most IT professionals (79% of respondents) believe that not knowing where their sensitive data lives is a big security concern but only a small majority (51% of respondents) believe that it should be a priority to protect and secure their sensitive data. This gap is problematic and will cause significant issues for organizations.
Data has been – and will continue to be – a large part of most organizations’ digital transformation strategy. That said, this data is also creating new vulnerabilities without the proper security systems and processes in place. Graeme Thompson, CIO of Informatica, argues this point very well in Data Security: Don’t Call an Ambulance for a Sore Throat when he writes:
Just as businesses have evolved toward the cloud, they’re also evolving toward enterprise-wide data access. We recognize the valuable insights and innovations to be gleaned from trading siloed departmental data warehouses for the comprehensive enterprise data lake. Tearing down those silos can cost us a layer of security around specific data sets, but curling up in an information panic room is not the way forward.
Last year, I was speaking with the CISO for a large enterprise organization. The conversation was around how much time they’ve been spending on thinking about and securing their IT systems and their data. This particular CISO has done a very good job of implementing master data management systems and processes to ensure their data is safe, accurate and available. Though he has done an admirable job, he worries that he doesn’t have the manpower or budget to feel comfortable that the organization’s data is as secure as it can be.
With the large amounts of both structured and unstructured data in most organizations, some of the older IT security approaches may not work as well as they might have in the past. My suggestion to this CISO was to spend some time investigating the use of machine learning approaches to data security. Machine learning can provide an organization with a ‘second set’ of eyes and ears that can be focused on data security. Implementing machine learning systems can not only free up team members to focus on other things but – more importantly – these systems can monitor threats and issues at a scale that humans just can’t replicate.
The CISO I mentioned earlier is currently trialing an approach that uses a machine learning security monitoring system for both his IT systems and his various data stores and, even though this system has only been in place for less than a few months, he’s already begun to see efficiency improvements for security monitoring across the enterprise. As an example, after only a few days of their new machine-learning-enabled security platform being in place, they were seeing hundreds of issues through their monitoring systems that they hadn’t been able to capture before. From these efficiencies, he’s been able to re-assign one of his IT personnel from full-time security monitoring to a less than full-time role because the monitoring has been capable of raising alerts in real-time without any manual intervention.
In addition to the act of monitoring for intrusions and security issues, these machine learning systems can help IT professionals locate and manage their sensitive data, recommend remediation efforts and actions when issues are found and gain a better understanding of who is accessing and using data across the organization.
Like many other areas within the modern organization, machine learning is changing how companies approach data security and changing data security itself. Machine learning isn’t a panacea for security, but it is a very good tool to have in your security toolbox.
Originally published on CIO.com
Have you ever given thought on IT Security Operations data to measure effectiveness?
I have, Albert. I’ve actually worked on a project that used various IT Ops data (including security data) to measure effectiveness and accuracy.
I see my first post came through.
Can we speak in the near future? I just want to compare experiences.
Have you seen organizations try to use data to manage IT Security Operations? A bit different in application from data security.