When discussing sensitive data, the importance of knowing where it is located and ensuring its security cannot be overstated. Failure to do so can result in disastrous consequences for organizations. Data resilience, a crucial aspect of cyber resilience, focuses specifically on an organization’s data assets. Security teams must strategically approach data resilience by understanding the location and contents of their sensitive data stores in order to adequately secure them.
Data discovery and classification are fundamental to data security, governance, and protection. Data that an organization does not know exists (discovery) cannot be secured. Similarly, understanding the contents of a data store (classification) is essential for taking appropriate measures to mitigate risks.
A recent research study conducted by the Enterprise Strategy Group, in collaboration with Jon Brown, delved into how enterprises are ensuring data resilience. The study surveyed 370 IT and cybersecurity professionals from midmarket and enterprise companies. It highlighted the importance of data security posture management (DSPM) in ensuring data resilience, emphasizing aspects such as data security, data protection, and data governance.
According to the research, the initial phase of a DSPM deployment, which involves locating, categorizing, and establishing policies around sensitive data, took less than six months for 76% of respondents. DSPM vendors differentiate themselves based on the time to value (TTV) of their offerings. Implementing DSPM requires a combination of people, processes, and technology, with the majority of time spent on the people and process side of the equation.
In conversations with security leaders and DSPM vendors, it became clear that aligning stakeholders and carefully planning the project rollout were crucial steps towards project success. The following steps were identified as critical in the DSPM deployment process:
1. Engage key stakeholders: Align essential stakeholders such as governance, risk, and compliance personnel, data teams, IT data protection, cloud architects, and security teams. Ensuring everyone understands the project’s objectives and their roles is essential for success.
2. Define goals, definitions, and metrics: Collaboratively establish project goals, data classifications, and key performance indicators to measure progress and success. Planning upfront helps mitigate friction during the project.
3. Secure executive buy-in: Present a compelling case for DSPM to executives, emphasizing its role in mitigating data risks and achieving compliance. Executive support ensures adequate resources for the project.
4. Assign roles and responsibilities: Clearly define the responsibilities of each team involved in the project, including compliance, data classification, and security monitoring.
Starting a DSPM project on the right foot and achieving stakeholder alignment can significantly improve the chances of overall project success. Organizations must prioritize data resilience and take proactive measures to secure their sensitive data assets.

