Don’t Let Security Die in Darkness

We are reminded every time we read the Washington Post that “Democracy Dies in Darkness.” The same principles that apply to a healthy democracy apply to corporate data security, too. 

In a democracy, lawmakers have an obligation to represent the best interests of the majority of their constituents, based on the best available data. However, what if that data is flawed; filled with gaps and false statements? What if a malicious foreign actor is interfering with the integrity of that data?

In a company, we normally find an administrator, a group of administrators, and cross-functional teams as the critical decision makers. Their decisions need to represent the best interest of the stakeholders based on the data that is presented to them, and a wrong decision could be devastating. Their critical data needs to be both complete and accurate. If the data is incomplete or false, whether influenced by a malicious actor or simply a human error, those decisions are being made “in the dark.”

Data detection An Organization’s Light

Critical data can be detected through a variety of security products; most commonly through a data loss protection (DLP) product. DLP solutions discover, monitor, and protect data independently whether within corporate premises or in cloud-based applications. A decision maker needs to feel confident that – wherever data goes – they are aware of the location, the accuracy, and the integrity of that data. However, if the data detection capability of their DLP solution is flawed, filled with gaps or false positives, then a decision maker is in the dark, and can no longer make decisions in the best interest of the company.

Reporting ‘on the truth, the whole truth, and nothing but the truth’ should become the foundation for a healthy security strategy, making it mission-critical for an organization to leverage a DLP solution containing the best data detection capabilities on the market. This is not a suggestion, it’s a decision maker’s obligation, in order to light the way to the truth.

Even when decision makers are armed with the truth, further action is necessary to protect and enforce their security decisions. In fact, data detection is just the beginning. Companies with the best security practices rely on a family of products beyond DLP. 

For example, cloud access security broker (CASB) products can extend data policies in the cloud.  Encryption products further protect the integrity of corporate data.  And identity and access management (IAM) products help ensure that a malicious actor does not access data.

When combining different security solutions, an extraordinarily powerful solution emerges, ensuring that your organization’s sensitive data is protected wherever it may go. The data is complete and truthful, and administrators are able to make the best possible decisions and keep the organization healthy. With the right products in hand, the fate of the business suddenly looks much brighter.

Of course, the fates of democratic countries rely on more than just the ability to shine light on the truth through their data integrity.  But they will almost certainly wither without that strength.  As a corporate security professional, your ability to influence the fate of your organization is far greater – and your mandate is no less urgent.