Data Security

1. The document discusses data security, which involves protecting digital information throughout its lifecycle from unauthorized access, corruption, or theft. This includes physical, administrative, and logical security controls and organizational policies.
2. It describes the difference between data security and compliance, where data security uses deterrents based on how valuable the data is, while compliance ensures that a baseline of controls defined by a standard is applied to regulated data.
3. The document outlines several data security strategies like access management, encryption, data erasure, backups, and employee education, as well as trends like using AI, quantum computing, and securing data in multicloud environments.

Uploaded by simon26kurt

DATA SECURITY

CONTENTS

• Why is data security important?
• Difference between data security and compliance
• Types of data security
• Data security strategies
• Data security trends
• How data security and other facets interact

WHY IS DATA SECURITY IMPORTANT?

Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. It’s a concept that encompasses every aspect of information security from the physical security of hardware and storage devices to administrative and access controls, as well as the logical security of software applications. It also includes organizational policies and procedures.

DATA SECURITY AND COMPLIANCE

What’s the difference?

Data security is the application of deterrents or security controls to protect data. The level of deterrents or security is commensurate with how the individual or entity uniquely “values” the data.

Compliance is applying a baseline of security controls (people, process, technology) defined by a standard. The baseline is applied to a specific type of data, typically regulated, such as health information, financial, personally identifiable information.

DATA SECURITY AND COMPLIANCE

Does compliance equal the highest level of security?
No, it ensures a repeatable, stable baseline of security that can be measured to meet a specific regulatory requirement.

Does the highest level of security mean you are “secure”?
Maybe; it depends on where you place your security. Can you cover 100%? Probably not.

Data security and compliance are key pieces of GW’s information risk management: ensuring compliance and placing the highest security controls on the assets that matter the most.

COMPLIANCE LANDSCAPE

http://www.higheredcompliance.org/matrix/

BUSINESS CHALLENGES

Digital transformation is profoundly altering every aspect of how today’s businesses operate and compete. The sheer volume of data that enterprises create, manipulate and store continues to grow, driving a greater need for data governance. In addition, computing environments are more complex than they once were, routinely spanning the public cloud, the enterprise data center and numerous edge devices ranging from Internet of Things (IoT) sensors to robots and remote servers. This complexity creates an expanded attack surface that’s more challenging to monitor and secure.

FRAMEWORKS AND STRATEGIES…MORE THAN TECHNOLOGY

• NIST 800-53
• ISO27001
• National Cybersecurity Framework

BUSINESS CHALLENGES

The need for data compliance is magnified by maximum fines in the millions of dollars. Every enterprise has a strong financial incentive to ensure it maintains compliance.

BUSINESS CHALLENGES

Security and compliance are often characterized as two sides of the same coin: you can’t have one without the other. As cloud-resident data increases, it raises the ante for the organization to secure ever-growing data and meet compliance requirements.

BUSINESS CHALLENGES

Effective compliance program

BUSINESS CHALLENGES

Usage of enterprise data security technologies

ADVANCED DATA SECURITY…

Part of a defense in depth strategy to apply higher levels of security to high value information/assets

• Penetration tests/Red team analysis
• Application code reviews
• System hardening
• Logging
• Intrusion detection
• Staff with advanced training/credentials (forensics, malware analysis)

EXAMPLES OF DATA SECURITY ≠ COMPLIANCE

40 million credit cards stolen, Target was PCI (Payment Card Industry) compliant, attacked through HVAC vendor

TYPES OF DATA SECURITY

ENCRYPTION – using an algorithm to transform normal text characters into an unreadable format.

DATA MASKING – organizations can allow teams to develop applications using real data.

DATA ERASURE – uses software to completely overwrite data in any storage device.

DATA RESILIENCY – determined by how well an organization endures or recovers from any type of failure, from hardware to power shortages and other events that affect data availability.

DATA SECURITY CAPABILITIES AND SOLUTIONS

Data discovery and classification tools – sensitive information can reside in structured and unstructured repositories including databases, data warehouses, big data platforms and cloud environments.

Data and file activity monitoring – analyze data usage patterns, enabling security teams to see who is accessing data, spot anomalies and identify risks.

Vulnerability assessment and risk analysis tools – these solutions ease the process of detecting and mitigating vulnerabilities.

Automated compliance reporting – comprehensive data protection solutions.

DATA SECURITY STRATEGIES

Physical security of servers and user devices – a cloud provider will assume responsibility

Access management and controls – the principle of “least-privilege access” should be followed throughout your entire IT environment.

Application security and patching – all software should be updated to the latest version.

Backups – maintaining usable, thoroughly tested backup copies of all critical data is a core component of any robust data security strategy.

Employee education – training employees in the importance of good security practices and password hygiene - “human firewall”

Network and endpoint security monitoring and controls – implementing a comprehensive suite of threat management, detection, and response tools and platforms…

COMMON DENOMINATORS

What are the common denominators?

• Knowing what data you have
• Knowing the value of the data
• Knowing the risks to your data
• Understanding likelihood and impact of these risks
• Accepting a level of risk

COMMON RISK FACTORS

• Awareness of information in your care
• Access to information…need to know principle
• Dissemination of information…technology makes it easy
• Lack of knowledge or training of staff…knowing your role, how to identify and what to do in situations
• Increased visibility of data loss…fines, reputational hit, accreditation risks, grants

BEST PRACTICES YOU CAN TAKE

Referencing back to the Common Denominators slide
• Knowing what data you have
• Knowing the value of the data
• Knowing the risks to your data
• Understanding the risk tolerance
• Ensure you and your team are leveraging available resources (tools, training, seminars)
• Never hesitate to ask for assistance…better to be safe

DATA SECURITY TRENDS

• AI – this allows for rapid decision-making in times of critical need.
• Quantum – a revolutionary technology,
• Multicloud security – the definition of data security has expanded as cloud capabilities grow,

HOW DATA SECURITY AND OTHER SECURITY FACETS INTERACT

Achieving enterprise-grade data security - the key to applying an effective data security strategy is adopting a risk-based approach to protecting data across the entire enterprise

Data security and BYOD - the use of personal computers, tablets, and mobile devices in enterprise computing environments is on the rise despite security leaders’ well-founded concerns about the risks that this practice can pose

Data security and the cloud - securing cloud-based infrastructures requires a different approach than the traditional model of situating defenses at the network’s perimeter.
