Data security breaches are on the rise across industries, prompting a host of new and ever more stringent data regulations. Today, even the smallest mishandling or misuse of data can incur big fines and long-lasting reputational damage, and in 2023 this will be ever more marked.
Organisations need a clear sense of how their data is used and how best to keep it secure, and a clearly defined, well-executed data governance strategy will be key to their success, says Dustin Lehr, Sr. director of platform security at Fivetran.
“We can expect the data protection landscape in the UK to remain particularly precarious, with Brexit forcing a wedge between EU GDPR and the still-to-be-determined UK-centric compliance policy. And yet, organisations cannot hope to plead ignorance under the watchful eye of the new Information Commissioner, who has already made a name for himself as an iron-fisted defender of individuals’ data rights.”
The growing pains of data management
“Every business wants more data, faster insights and better decision-making capabilities, but balancing the ambitions tied to the promise of Big Data with the need to remain compliant at every step of the way continues to pose a dilemma. Data democratisation – the process of ensuring the right data is accessible to the right people at the right time – can be particularly tricky, because building large interoperable data ecosystems requires enterprises to integrate multiple data sources, including databases and applications used across marketing, finance, sales and other functions.
“Centralising data itself is just one side of the coin, however. A much larger challenge is presented by metadata – the ‘data about data’. Metadata is a governance layer which provides descriptive information about data – such as ownership, time of creation, and size – to help users find data and make systems interoperable. The complexity occurs when companies leverage off-the-shelf vendor tools besides their own custom-built data integration solutions, particularly if the vendor doesn’t provide ample visibility into metadata.”
Strengthening security through APIs
“Data integration solutions can be like a ‘black box’ in which only inputs and outputs are observable but the inner workings are concealed. This naturally makes it a challenge for core data teams to check that the metadata meets compliance and governance requirements. Without visibility, organisations will struggle to know where data came from, what data they have and who has access to the data and its pipeline. Yet understanding these key questions is needed to build the backbone of any internal policy.
“Implementing an Application Programming Interface (API) can break down the barriers surrounding metadata. APIs are software intermediaries, or ‘contracts’, that define how two systems communicate with each other. APIs facilitate data visibility, which allows security and legal teams to conduct thorough audits on the data as it is inputted, outputted and processed. As these operational areas will likely come under increased scrutiny in 2023, it will become more important than ever that enterprises partner with vendors that can provide visibility at every stage of the data journey.
“Metadata API implementation will not just ease compliance headaches, it can also speed up everyday data processes. For example, with a stronger understanding of data, analysts can better rely on and trust the data collected before using it to drive key decisions. Greater visibility also makes it easier for engineers to spot disruptions early on in the data journey and work towards minimising the impact downstream. Thus, visibility is more than just a central tenet for successful security and compliance, it is a boon for data teams too.”
The human element
“Once the technological foundations of data security are in place, the next step organisations must take is to create a deep-rooted security culture. This is because human error, such as social engineering and misuse of privileged access, is a key driver in cybersecurity incidents. In fact, in 2022, 82 percent of data breaches involved a human element. As hackers zero in on this lucrative tactic, expect to see social engineering attacks such as phishing, baiting and malware become even more sophisticated and widespread.
“To combat the rising tide of attack vectors, employees across the enterprise must create a unified front, bound together by a strong security culture. But building awareness and improving security best practices across the enterprise is no mean feat – it’s a sizable task for any security professional, especially when the process is designed with a purely top-down approach, which can leave both employees and security teams overwhelmed.”
The solution? Security champions
“Security champion programmes can radically simplify how security is understood and acted upon within the enterprise. These champions can come from anywhere in the organisation, at any level, identified through their positive engagement with matters of security as well as their can-do, vigilant attitude. They make great advocates precisely because employees are more receptive to information from their teammates, especially when the reason for a particular procedure or policy is explained in a context that is directly applicable to them.
“Educating and incentivising security champions should become a focus of senior management. Not only is it more cost-effective to limit intensive training to the champions, it is also more productive – as they will disseminate only relevant information to their peers. In this way, the message of vigilance and proactivity will reach even the most idle of employees, strengthening overall enterprise security culture.”
Looking ahead
“As the data security landscape will be characterised by ever-more stringent regulations and attitudes in 2023, enterprises must transcend the box-ticking mentality of compliance and instead seek to embrace the spirit of the law. Focusing on data visibility and employee empowerment will help instil a security culture that is characterised by transparency and proactivity.
“On a technological level, visibility into metadata across all of the organisation’s data pipelines will enable enterprises to manage data access governance policies with more peace of mind. It will allow data teams to decide what information to make available to which teams and track how they use the data. Within this sandbox made available to employee groups, the role of security champions is to promote practices that ensure data is not being misused or exfiltrated. Combined, these two strategies can help enterprises navigate the challenges that may await them in 2023 and beyond.”