There is no doubt that there is a strong relationship between identity access assurance and data. Having established the critical role that data plays in an organisation’s ability to do business, it stands to reason that having an effective mechanism to manage and control access to data is vital. Add into the mix cloud, mobile and the Internet of Things, and it’s a seriously interesting challenge.
“Any information security strategy (or similar) must refer and align with the data management strategy in its attempts to establish an organisation’s information security program,” says Leonard Kleinman, Chief Cyber Security Advisor, APJ – RSA, in an email interview with Networks Asia.
“IT security's role in strategy has evolved from what was originally a keeper of secrets through prevention controls to now being the builder of IT trust networks driven by business needs and requirements.”
In the interview, Kleinman also introduced the RSA Business-Driven Security architecture. This architecture, along with several solution offerings, enables customers of all sizes to more quickly and efficiently take command of their risk posture.
What is an effective data management strategy? Should it be part of a security strategy, a data analytics and management strategy on its own, or a disaster and recovery strategy? Is it essential for an enterprise to have one? Where and how should it fit into an enterprises’ overall security or IT strategy?
A data management strategy is effectively a mechanism that allows to plan and create strategies for handling the data created, processed, stored and managed by organisations. For it to be effective, it should be its own living document; however, it must align with business and other corporate strategies.
Data is critical to every functional aspect of a business and therefore it is not just essential but critical that organisations have a data management strategy. Leveraging data together with analytics is fast becoming a core enabler to an organisation’s strategy and operations, which provides it with a significant competitive edge.
The aim behind a data management strategy is to develop a business strategy that ensures that the data is:
- Stored, consumed and processed in a timely manner that meets the needs and requirements of the organisation;
- Managed, monitored, protected and assured using good data governance and security processes and policies;
- Stored, classified and standardised using defined and known data classification frameworks
The data management strategy should ultimately help an organisation gain the best benefits from its data and data assets. To do that it must give the business fast and secure access to all the data and analytics that it needs to remain competitive, now and into the future. The increase in the overall breadth and depth of information sharing across the organisation elevates the importance of protecting this data. The key is to ensure that the data is accurate, reliable and precise thus permitting good decision making. Any information security strategy (or similar) must refer and align with the data management strategy in its attempts to establish an organisation’s information security program.
IT security's role in strategy has evolved from what was originally a keeper of secrets through prevention controls to now being the builder of IT trust networks driven by business needs and requirements. This is what RSA calls ‘Business Driven Security’. Business Driven Security is centered on a strong framework that integrates business with security and allows organisations to take command of cyber risk and secure their data and information assets.