The Data Security Money Pit: An Independent Research Study from Forrester


We recently released a study with Forrester Consulting entitled “The Data Security Money Pit: Expense in Depth Hinders Maturity.” It shows that a candy-store approach to data security may actually hinder data protection. It also explores how a unified data security platform could give security professionals the protection capabilities they desire, including security analytics, classification and access control, while reducing costs and technical challenges.

The report finds organizations invest heavily in individual tools to try to mitigate threats and meet compliance requirements. In fact, 76% of data security professionals believe their organization has a mature data security strategy as a result of these efforts. Forrester writes:

The reality is that companies have spent a lot of money on individual technology — instead of a unified data security strategy — and are judging their maturity based on money spent.

This fragmented approach to data security exacerbates many vulnerabilities and challenges, and 96% of these respondents believe a unified approach would help them prevent and more quickly respond to attempted attacks and actual data breaches, meet regulatory compliance, and free up resources to focus on building and enforcing policies, procedures and remediation actions. The study goes on to highlight specific areas where enterprise data security falls short:

  • 62% of respondents don’t know where their most sensitive unstructured data resides
  • 66% don’t classify this data properly
  • 59% don’t enforce a least privilege model for access to this data
  • 63% don’t audit use of this data and alert on abuses
  • 93% suffer persistent technical challenges with their current data security approach

Point products may mitigate specific threats, but when used tactically, they undermine more comprehensive data security efforts. Ransomware, for example, exploits the same internal deficiencies that a rogue or compromised insider might – insufficient detective controls and over-subscribed access. Instead of improving detective controls and locking down access – improvements that would mitigate ransomware as well as many other data security threats – organizations sometimes deploy a tactical solution for ransomware and neglect their core controls. This threat-reactive approach appears to have become the norm – many threats; many tools. Expense in depth.

According to the study, “It’s time to put a stop to expense in depth and wrestling with cobbling together core capabilities via disparate solutions.” Almost 90% of respondents desire a unified data security platform. The key criteria for such a platform, as selected by the survey respondents, include:

  • data classification, analytics and reporting (68% of respondents)
  • meeting regulatory compliance (76% of respondents)
  • aggregating key management capabilities (70% of respondents)
  • improving response to anomalous activity (66% of respondents)

In summarizing the findings, Forrester concludes,

A unified data security platform offers core capabilities to help organizations not just establish a robust technology foundation for their data security strategy but also create conditions that help to push firms toward greater security maturity and value-add to the business.

Read highlights from the Forrester report here – including 4 key recommendations for a unified security platform.

 
