A Data-Centric Approach To Cyber Security

by CXOtoday News Desk    Feb 04, 2015

amit walia

Increased mobile connectedness, Internet of Things, Big Data and Cloud infrastructure are giving rise to a greater number of data breaches, and identity thefts today, not sparing governments, commercial industries, and our personal privacy. In an interview with CXOtoday, Amit Walia, SVP, GM at Informatica, throws light on how trends in data will play a key role in shaping the future of the information security market. Excerpt.

 What trends do you believe will have the biggest impact on the information security market?

Most industries have already experienced the digital transformation. Healthcare has shifted from paper-based records to electronic health records.  Multi-channel commerce is demonstrating that online transactions are dominating the retail industry.  The Internet of Things is connecting devices to humans via the internet.  Enterprises are leveraging more cost effective software development models by using outsourced and offshore teams.   All of these trends will expose more data to the threat of a breach.  Data is proliferating beyond the firewall which will require security strategies that are data-centric.

What do you mean by data-centric security?

Data-Centric security is a new approach to the information security paradigm that emphasizes the security of the data itself rather than the security of networks or applications.   As enterprises rapidly innovate with new SMAC (Social, Mobile, Analytics and Cloud)-based architectures, data is expected to proliferate across different technology stacks with unique security paradigms and control frameworks. Data-centric security is the only way to ensure consistency in applying security controls and minimize the impact in the event of a breach.

What role does data play in the security market?

 Let’s face it.  Data is the new oil, and everyone wants to steal it.  Until the recent advent of alternative energies, oil primarily fueled everything from cars to data centersto the entire global economy. And those that controlled it not only became the wealthiest on the planetbut wielded incredible influence on the political stage. In today’s digital age, those that control andwield data to create competitive advantage for their organization are the new global business titans. Likemany memes, the phrase “data is the new oil” has murky origins but has wiggled its way not only intodiscussions with business strategists and marketers, but with IT leaders as well. It’s an apt analogy. “Data”is the business. Data is the intellectual property (trade secrets, formulas, designs, code, search algorithms)that differentiates an organization’s products and services, and those that can process, store, and analyse data effectively for business intelligence can beat competitors to market with better and more rapiddecision-making. All of this makes data the new oil.

You mentioned connected devices. What risks will we face as we see more innovation in the Internet of Things?

Let’s use the insurance dongle as an example.  Some of the largest automobile insurance providers offer a device that you can plug into your car.  It tracks how you drive.  If you drive safely, you pay less for car insurance.  What many may not be aware of is that these devices were designed without embedding common security technologies exposing the risk of an attack. A sophisticated hacker could breach the communications protocol and take over a fleet of vehicles, risking human lives.  We need to ensure that as data is integrated from device to the enterprise, that it remains secure to avoid catastrophic losses.

How well-prepared are security specialists to address these security risks?

The Ponemon Institute stated that the biggest concern for security professionals is that they do not know where sensitive data resides.  This is a serious issue.  How can you fix a security leak when you don’t even know where to start?  I believe we need to expect that we will all be breached and we need to approach this in two ways. First, we need to educate developers on the importance to design security controls into applications and connected devices from the start.  Time to market and functionality are critical to sustain competitive differentiation.  But when a breach occurs, all of that hard work will be for nothing.  Second, data management and security administrator professionals need to collaborate on implementing processes that identify, classify, and track where sensitive and private data proliferates.  Investments in data-centric security technologies, such as data security intelligence and data security controls (i.e. masking and encryption) will advance our ability to minimize the impact when a breach occurs.

What is Informatica doing to advance innovation in the area of information security?

 Last year, Informatica significantly increased R&D investments in data security to support the data-centric security imperative.  This year, we continue the commitment by organizing around the vision.  I am pleased to be leading the Informatica Data Security Group, a newly-formed business unit comprised of a team dedicated to data security innovation.  By having a dedicated business unit and engineering resources applying Informatica’s Intelligent Data Platform technology to a security problem, we believe we can make a significant difference addressing a serious challenge for enterprises across the globe.  The world of data is transforming around us and we are committed to transforming the data security industry to keep our customer’s data clean, safe and connected