Gartner Says Big Data Needs a Data-Centric Security Focus

CISOs Must Take Steps to Protect Data That is Expanding in Volume, Variety and Velocity / Gartner Analysts to Discuss the Outlook for Security at the Gartner Security & Risk Management Summits 2014, 23-26 June in Maryland, 25-26 August in Sydney and 8-9 S

(PresseBox) ( Egham, UK, )
Chief Information Security Officers (CISOs) should not treat big data security in isolation, but require policies that encompass all data silos if they are to avoid security chaos, according to Gartner, Inc.

Gartner predicts that, through 2016, more than 80 per cent of organisations will fail to develop a consolidated data security policy across silos, leading to potential noncompliance, security breaches and financial liabilities.

"Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems and unstructured file shares," said Brian Lowans, principal research analyst at Gartner. "However, the advent of big data and cloud storage environments is transforming the way in which data is stored, accessed and processed, and CISOs need to develop a data-centric security approach. Unfortunately this is not common practice today, and its planning is critical to avoid uncoordinated data security policies and management."

CISOs need to collaborate with trusted team members to develop and manage an enterprise data security policy that defines data residency requirements, stakeholder responsibilities, business needs, risk appetite, data process needs and security controls.

"Although the ability to apply a data security governance policy across data silos is also becoming paramount, the market has so far failed to offer CISOs the data-centric audit and protection (DCAP) products they need to operate across all silos with consistency," said Earl Perkins, research vice president at Gartner. "Instead, the use of different tools for each silo is complicating the implementation of any businesswide data security plans due to different functionalities, network architectures and data repositories."

Access to public cloud services and infrastructure further complicates this process due to the potential access by cloud service providers and security vendors. Data flows will inevitably result in a growing need to monitor and audit access, and to protect data across silos. Although vendors continue to develop product capabilities that are applicable to different silo repositories on premises and in the cloud, the market is also evolving toward a DCAP set of solutions, but we are not there yet.

"First, CISOs need to evaluate current implementations of DCAP solutions against data security policies that address database, unstructured, cloud storage and big data silos," said Mr Lowans. "Second, they need to identify gaps in the current implementation of their data security policies and review the risks with business stakeholders against potential DCAP solutions."

While assessment and revisions to data access policy and its implementation through DCAP solutions will help dictate accountability, it will also require a level of ownership from business unit stakeholders.

"Business stakeholders may not be accustomed to having strong relations with security teams, and CISOs will need to build partnerships with them to develop new management structures for data security accountability and to identify cross-functional training needs," said Mr Lowans.

More detailed analysis is available in the report "Big Data Needs a Data-Centric Security Focus."

Gartner analysts will discuss the outlook for security at the Gartner Security & Risk Management Summits 2014 taking place on:

23-26 June in National Harbor, Maryland
25-26 August in Sydney, Australia
8-9 September in London, UK

Members of the media can register for press passes to the Summits by contacting christy.pettey@gartner.com (US), susan.moore@gartner.com (Sydney) or laurence.goasduff@gartner.com (London).

Information from the Gartner Security & Risk Management Summits 2014 will be shared on Twitter at http://twitter.com/Gartner_inc using #GartnerSEC.
Für die oben stehenden Pressemitteilungen, das angezeigte Event bzw. das Stellenangebot sowie für das angezeigte Bild- und Tonmaterial ist allein der jeweils angegebene Herausgeber (siehe Firmeninfo bei Klick auf Bild/Meldungstitel oder Firmeninfo rechte Spalte) verantwortlich. Dieser ist in der Regel auch Urheber der Pressetexte sowie der angehängten Bild-, Ton- und Informationsmaterialien.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an service@pressebox.de.