DATA GOVERNANCE,
RISK AND DIGITAL
TRANSFORMATION
Risk: The language
of every boardroom
One of the most important responsibilities of C-level executives
is to balance risk against opportunity and mitigate threats to their business objectives.
In order to successfully manage risk, however, organizations must have visibility and insight into existing and emerging vulnerabilities
and threats. Simply put, organizations
can’t mitigate risks they can’t see or
don’t anticipate.
Today, data doesn’t just live in highly secure data centers. It lives in a multitude of places and is utilized by an ever-shifting array of users that includes office workers, mobile employees, contractors, partners, vendors
and customers. And with 87% of companies relying on the use of personal devices, this issue will continue to grow.
That data is also accessed by a constantly evolving range of technologies and
applications, each of which represents potential vulnerabilities and threats: IoT networks, data analytics applications at the network edge, collaboration tools used by partners, and
many more. In this more complex, dynamic environment, companies need to have the answers to some critical questions, including:
It's a limitless world
87
%
OF COMPANIES
RELY ON THE USE OF PERSONAL DEVICES
Where are all the places where the organization’s data lives?
Who is accessing it?
How is that data being used?
How important is each piece of data?
How do we protect that data today?
And how do we continually protect it
as all of the variables above change?
These questions become even more difficult to answer as companies begin implementing digital transformation (DX) initiatives that have speed to market and agility as driving principles. These digital tranformation initiatives are designed to pursue market opportunities before brief windows of opportunity close, deliver new solutions to customers faster than rivals, enable better customer experience, and achieve other business objectives. A recent study by Gartner reported that 62% of CEOs surveyed have a management initiative or transformation program to make their business more digital.
Digital transformation initiatives come with a downside when it comes to security, though, because they lead to more data living in more places, being accessed in more ways, by more people, with all of those things changing at a faster rate than ever before. The risks are significant, particularly given how frequently data breaches happen and how costly these incidents can be.
Digital transformation adds complexity
62
%
of CEOs say they have a management initiative or transformation program underway to make their business more digital
Optiv Security believes that in order to
truly mitigate these risks in a world moving at the speed of digital transformation, organizations need a new approach to data governance and an effective model for risk governance. Those two elements allow organizations to make informed, risk-driven security decisions and respond to the greater
vulnerabilities and threats that exist when moving at the speed of digital transformation.
A new approach is needed
ORGANIZATIONS NEED
A NEW APPROACH TO
DATA GOVERNANCE AND AN EFFECTIVE MODEL
FOR RISK GOVERNANCE
Managing the creation, modification, archival, and deletion of enterprise or customer data
The 8 pillars of effective data governance
How the organization, its executive stakeholders, and its subject matter experts approach data-related policies, metrics, pain points, drivers, and the supporting people, process, and technology changes
Identifying data and appropriately managing the confidentiality, integrity, and availability of data, the value of that data, and related controls
Enforcing the associated data policies, quality, ownership controls and responsibilities
Detects and prevents potential data breaches and data exfiltration, maliciously or unintentionally
Data in-use, in-motion, and at-rest is classified while controls provide actionable analysis and insight, enabling proactive identification of business risks
Ensures compliance and least privileged access per classification level throughout the information lifecycle
DATA PROGRAM AND
GOVERNANCE
DATA DISCOVERY AND
CLASSIFICATION
DATA STEWARDSHIP
DATA ACTIVITY AND
ANOMALY DETECTION
DATA LOSS PREVENTION
DATA PROTECTION CONTROLS
DATA ACCESS GOVERNANCE
In a business environment in which data lives in more and more places, and is accessed by a wider range of users in more and more ways, this new approach to data governance allows organizations to make risk-based decisions
that enable them to identify and respond to vulnerabilities and incidents while still achieving the speed and agility that is at the heart of digital transformation initiatives.
Risk-based governance
enables agility
ORGANIZATIONS NEED
A NEW APPROACH TO
DATA GOVERNANCE AND AN EFFECTIVE MODEL
FOR RISK GOVERNANCE
Want to learn more?
Check this out
Secure your digital transformation initiatives
Optiv Security is a security solutions integrator that enables clients to significantly reduce enterprise risk by taking a strategic “inside-out” approach to cybersecurity. While the traditional threat-centric “outside-in” approach focuses first on identifying specific threats and then on reacting with technology procurement, Optiv starts with the core equirement of every enterprise—risk mitigation—and builds out from there with strategy, infrastructure rationalization, operations optimization and ongoing measurement. This enables clients to build a sustainable risk-centric foundation for implementing proactive and measurable security programs that are far more effective at reducing current and future risk than is possible with the reactive outside-in model.
1. Syntonic, BYOD Usage in the Enterprise, 2016.
2. Smarter with Gartner, Mobilize Every Function in the Organization for Digitalization, December 3, 2018
3. Ponemon Institute, Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations, Release 2, 2016.
4. Ponemon Institute sponsored by Globalscape, The True Cost of Compliance with Data Protection Regulations, 2017.
Copyright © 2019 Optiv Security Inc. All Rights Reserved.
WHAT IT IS
WHAT IT MEANS
2
3
4
1
2
1
DATA LIFECYCLE
A policy-based approach to manage data from creation and initial storage to the time it becomes obsolete and is deleted
Share:
Share: