Menu
Banking Exchange Magazine Logo
Menu

Link data across silos to avoid big-data security chaos

Data-centric audit and protection’ products needed

Link data across silos to avoid big-data security chaos

Chief Information Security Officers should not treat big data security in isolation, but require policies that encompass all data silos if they are to avoid security chaos, according to Gartner, Inc.

Gartner predicts that, through 2016, more than 80% of organizations will fail to develop a consolidated data security policy across silos, leading to potential noncompliance, security breaches, and financial liabilities.

"Businesses have traditionally managed data within structured and unstructured silos, driven by inherent requirements to deploy relational database management systems, file storage systems, and unstructured file shares," says Brian Lowans, principal research analyst at Gartner. "However, the advent of big data and cloud storage environments is transforming the way in which data is stored, accessed, and processed, and CISOs need to develop a datacentric security approach. Unfortunately this is not common practice today, and its planning is critical to avoid uncoordinated data security policies and management."

CISOs need to collaborate with trusted team members to develop and manage an enterprise data security policy that defines data residency requirements, stakeholder responsibilities, business needs, risk appetite, data process needs, and security controls.

"Although the ability to apply a data security governance policy across data silos is also becoming paramount, the market has so far failed to offer CISOs the data-centric audit and protection products they need to operate across all silos with consistency," says Earl Perkins, research vice president at Gartner. "Instead, the use of different tools for each silo is complicating the implementation of any business-wide data security plans due to different functionalities, network architectures and data repositories."

Access to public cloud services and infrastructure further complicates this process due to the potential access by cloud service providers and security vendors. Data flows will inevitably result in a growing need to monitor and audit access, and to protect data across silos. Although vendors continue to develop product capabilities that are applicable to different silo repositories on premises and in the cloud, the market is also evolving toward a DCAP set of solutions, but we are not there yet.

"First, CISOs need to evaluate current implementations of DCAP solutions against data security policies that address database, unstructured, cloud storage and big data silos," says Lowans. "Second, they need to identify gaps in the current implementation of their data security policies and review the risks with business stakeholders against potential DCAP solutions."

While assessment and revisions to data access policy and its implementation through DCAP solutions will help dictate accountability, it will also require a level of ownership from business unit stakeholders.

"Business stakeholders may not be accustomed to having strong relations with security teams, and CISOs will need to build partnerships with them to develop new management structures for data security accountability and to identify cross-functional training needs," says Lowans.

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top

Sections

About Us

Connect With Us

Resources

Webinar: From KYC to IDV

How three leading banks are utilizing cutting-edge
digital tools to onboard, win, and wow customers

Time/Date: June 23, 2021 11:00 a.m. ET

Digital adoption, already moving at warp speed, accelerated seven years into the future during the COVID-19 pandemic. As the number of bank branches continues to fall, with at least one study predicting all branches will disappear by 2034 (Fox Business) and foot traffic declining (Vox), today’s most innovative banks are charting a new, digital-first path to win over customers while increasing security, meeting KYC compliance requirements, and winning customers to drive revenue.

In this webinar, you’ll hear from John Baird, Founder & CEO of Vouched, Tyler Crawford, COO of Bankers Healthcare Group, Anand Sathiyamurthy, CPO of Flagstar Bank and Daniel Sheehan, Chairman & CEO of Professional Bank as they describe their vision for digital transformation and how customer expectations are changing to digital first. They’ll also explore how fostering an innovation mindset creates new ways to tackle complex KYC problems and allows them to quickly compete in new markets and win customers.

REGISTER NOW!

This webinar is brought to you by:
Vouched Logo