Security strategies need to focus on protecting data, not devices

cyber security
Image credit: BeeBright /

Today’s security solutions aren’t enough to protect data stored in our systems. It’s time to secure data by considering it as an endpoint in itself.

In this day and age, hardly a week goes past without news of a new data breach. More interestingly, the news is no longer just about the size of the breach, but the quality and type of data that is being accessed plus whether that data was stolen or deleted.

Consider the September 2017 Equifax breach. At 143 million records, it is significantly smaller than the 500 million records lost by Yahoo in 2014. However, the quality of the data is so much richer than in previous hacks and will be significantly more impactful due to the wider family of uses it can be applied to (none of them good!).

As the Internet of Things (IoT) becomes prevalent across industry and the consumer landscapes, the number of endpoint devices that need securing will increase by orders of magnitude. Combined with the velocity of cloud adoption, the amount of data stored outside the traditional data center implies that data will truly become the ‘new oil’ lubricating the data economy.

To fully understand the challenges of IT security, a number of harsh realities must be considered:

  • Device connectivity breeds risk. It is almost impossible to maintain secure systems in this day and age. Connections to the internet exposes ports and protocols that could be attacked by the world at large. Over time these are locked down and access to systems and networks are slowly reduced.
  • It’s the devices, not data. For much of the past 20 years, the focus has been on securing systems and deny access to unauthorized users. The theory was that a secure perimeter implies secure data. This is clearly not the case. Indeed, the goal of many would-be hackers is to beg, borrow, or steal the credentials of an authorized user, enabling them to thus act freely across the internal systems.

In the world of cloud and IoT, these approaches fail. Therefore, protection strategies must evolve dramatically if we are to have any chance to improve overall security.

Data has never been perceived as having a value as high as it does today, and it looks as if this value is only going to grow over time.

So, understanding this, organizations need to reconsider how to secure this data that is being created outside of the traditional secure environment; how to securely capture, manage and share this data with trusted partners.

Today’s security solutions are not sufficient to protect the data stored within our systems. It is time to rethink how we secure the data by considering it as an endpoint with an active role in the overall security strategy rather than as a passive element in transactional systems.

Hugh Ujhazy, associate vice president of IOT & Telecoms at IDCWritten by Hugh Ujhazy, associate vice president of IOT & Telecoms at IDC | Originally published on LinkedIn

For more on this topic, see “Is Data the New Endpoint?” by Simon Piff and Hugh Ujhazy.

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.