• United States



Contributing Writer

Data security risks

Dec 08, 20092 mins
Cisco SystemsData and Information Security

There are many data security risks but ESG Research indicates that 3 stand out above all others

Confidential data (i.e. regulated data, private data, company confidential data, PII, etc.) is everywhere — on laptops, thumb drives, file servers, and enterprise storage devices. This also means that confidential data is at risk everywhere. In other words, my organization could suffer a data breach as a result of a stolen laptop, external hacking exploit, or lost box of backup tapes. This represents an overwhelming situation for IT and security professionals. How can you possibly safeguard data when it is literally everywhere inside and outside of the enterprise?There may be a glimmer of hope. ESG Research indicates that confidential data is most at based upon three risk factors:1. Volume. If lots of people have access to confidential data it is more at risk than if only a few can see it. Likewise, if there are many copies of a file containing confidential data, it is more at risk than if it is on a single common file.2. Mobility. The more mobile the confidential data, the higher the risk of a confidential data breach. There are few examples of lost tapes in the data center but many data breaches related to lost tapes in transit.3. Proximity to IT. Ten terabytes of confidential data stored in the data center is safer than a 1MB file on mobile laptops. In other words, the more IT oversight, the less risk.These three risk factors can be a useful guide for security countermeasures. High volume, mobile data must be surrounded by security safeguards in the form of user training, data security, and behavior monitoring. Authentication and entitlement management is also part of the solution.At ESG, we created the “outside-in” security model where risk grows as a function of distance from the data center. It proposes different processes, training, and security technologies for 5 different security zones. The paper is available on the ESG web site. I hope it helps to bring some order to the pervasive state of data security chaos.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author