In a recent video published by Help Net Security, Nathan Parks, a Senior Research Specialist at Gartner, delves into the findings of their latest research. The study revealed a concerning statistic – only 14% of security leaders are effectively balancing data security with business goals.
According to the research, 35% of leaders are solely focused on securing data, while 21% prioritize using data for business objectives. This leaves a mere one in seven organizations capable of effectively juggling both aspects, putting them at risk of increased vulnerability to cyber threats and operational inefficiencies.
To address this issue, Gartner recommends that security and risk management leaders take five specific actions to align business needs with data security and achieve both data protection and business enablement goals.
Firstly, it is advised to reduce governance-related friction for the business by establishing a solid process to co-create data security policies and standards with end users, as well as inviting their feedback. This collaborative approach can help ensure that security measures are not hindering business operations.
Secondly, leaders are encouraged to align their data security governance efforts by collaborating with other internal functions to identify overlaps and synergies. This cross-functional approach can lead to a more cohesive and efficient data security strategy.
Next, it is crucial to delineate non-negotiable security requirements that must be met by the business when facing previously unknown data security risks. This proactive approach can help mitigate potential vulnerabilities before they escalate into serious threats.
Additionally, establishing high-level guardrails around GenAI-related decisions, such as when to pause or stop a GenAI tool or feature, can provide a framework for business experimentation within defined parameters. This level of control can help prevent unexpected security breaches or pitfalls.
Lastly, working in tandem with data and analytics (D&A) teams to secure top-down buy-in on data security initiatives can ensure alignment and cooperation across the organization. By involving key stakeholders early on, leaders can garner support and commitment to data security efforts.
By following these recommended actions, security and risk management leaders can bridge the gap between data security and business goals, ultimately strengthening their organization’s overall security posture and enabling more efficient and effective business operations.