How's Your Posture?
Phil McQuitty
Field CTO, US Federal at BigID | Know Your Data. Control Your Data. • Security • Compliance • Privacy • AI Data Management
I recently saw a quote regarding the importance of good posture. "The complications of poor posture include back pain, spinal dysfunction, joint degeneration, rounded shoulders and a potbelly." (Now that's some great motivation to keep my posture in check!)
In the field of Data Security, there is a very similar notion. It's called data security posture. Just like the human version, poor security posture for enterprise data leads to complications throughout the organization in terms of excessive data risk and potential data loss. So what does bad data security posture look like and how do we fix it? Here are a few of the key areas of consideration that will help you navigate clear of these risks.
Data Discovery
It all begins with continuous data discovery. If you are going to assess "data security posture", you must have a clear and comprehensive understanding of your data. It's essential to know where your high-value data assets reside. But it's also important to have visibility and insights into all data assets so that you can effectively drive data security, data remediation, data privacy, and data retention / records management. The outcomes of comprehensive and quality data discovery also drive a reduction in storage costs through the discovery and remediation of redundant, obsolete, and trivial (ROT) data as well as the minimization of duplicate data.
Data Coverage
An assessment of physical posture does not begin and end with a focus on the lower back; it involves an inspection of the entire form. There are many contributing factors to poor physical posture and to ignore any one of them would be an obvious blunder. Similarly, it is clear that enterprise data security posture is only as good as its weakest link. You can't focus entirely on one type of data or a single storage area for data. You've got to maintain vigilance on all your data in order to fully understand your data's security posture.
We've got to include all data assets in this conversation. We need to establish, as output from discovery, a centralized enterprise registry containing an entry for every data asset whether it be:
Why is this comprehensive coverage so important?
There are a number of reasons, one already mentioned above. We can't afford to ignore pockets of data across the enterprise. Just as importantly, this comprehensive coverage for all data platforms results in a single registry of information (metadata), affording you a single point of reference to apply policy [enterprise-wide] regarding retention, sensitivity tagging, remediation, reduction, etc. The value of having a single enterprise metadata registry is outstanding. It reduces the number of stovepipe solutions you need in order to effectively achieve data lifecycle management. It provides consistency in data policy definitions and data tagging, which is key for maturing Zero Trust implementations.
What does bad data security posture look like?
Can you provide some examples or draw a picture for me? Sure, but there are too many examples to represent in a single blog, so I'll give you just a couple to make the point. Imagine that you have three categories of data: sensitive, over-exposed, and obsolete, where over-exposed simply refers to data that is stored in a folder or a site/location where the permissions are wide open, making that data visible to all users. Check out the graphic below for a simple example of poor data security posture. You will see sensitive data that is being over-exposed and you will notice some sensitive data that is obsolete.
Clearly, obsolete data should be archived or deleted, especially if it contains sensitive data elements or information. Just as obviously, sensitive data should never be wide open for all to see. Important note: This Venn diagram represents all enterprise data of every type, every structure, every location, etc. Consider that each of these three data collections contains data from all of your enterprise data stores (i.e. mainframe, on premises, cloud data, structured, unstructured, big data, etc.). The point is that no data should be omitted from the dynamics of this Venn diagram.
How would this diagram need to look in order to represent great data security posture? Have a look below. Notice that all the circles are smaller and none of the circles converge at all. This is one of the outcomes achieved by customers of BigID.
In Closing
To recap, data security posture management starts with quality discovery and comprehensive data coverage, and results in a single enterprise metadata registry that informs decisions related to data security, remediation, sensitivity tagging, retention, quality, privacy, and governance.
So, there you have it – the curious connection between our slouching habits and data security posture management. It's all about quality discovery, visibility, vigilance, and the perks of a straight-backed data approach. Now, if only fixing our posture was as easy as managing data security!
BigID is the leader in Data Security Posture Management (DSPM). Reach out to learn more about our solution platform.
Successful, experienced Go-To-Market, Strategy & Operations Executive. Currently Director of Global Partner Management at BigID | Know Your Data. Control Your Data. • Security • Compliance • Privacy • AI Data Management
1 year ago
I find myself sitting up straighter in my office chair as I read this! Great read, and I love the approach visualizing the desired state!