The critical confluence of information governance and security breaches

Data in motion

Although protecting data with those measures (or some variation) is ideal for complacent data in a repository, they become less effective for data in motion. Although capabilities exist for encrypting data as they move throughout a platform, there are other instances in which simply using data renders them vulnerable. “Data in a database is encrypted, but if somebody pulls it out into a business intelligence tool, then suddenly you’re in a whole different world,” Sandwell acknowledges.

The same sentiment applies for putting data on mobile devices, on individual employee servers or replicating them from the cloud. It is not sufficient to simply implement security at the data level and buttress those measures with role-based access. Instead, users must determine how data will move throughout the organization, govern them accordingly and facilitate security based on such governance.

Christiaens describes a process of mapping the movement of data throughout an organization for various business processes and workflows as a method of identifying both governance and security protocols: “By knowing all these places that the data flows, just by having that landscape of where your data goes, you know which points you have to secure.” Enterprise architecture can shed insight into the process, as can proper data provenance. The latter is one of the hallmarks of data governance and delivers visibility after the fact; the former does so in advance. According to Aasman, metadata is the principal means of denoting provenance, especially since “every semantic fact has metadata about where it came from; that’s just built in.” Analyzing the metadata retroactively delivers a roadmap for governance and subsequent security procedures. Sapient organizations can enact the process proactively via enterprise architecture.

Once an organization understands the movement of data, it can leverage options for real-time network visibility to reinforce security. Security analytics can deliver that insight with proper governance. Goldberg says it’s “critical to establish standard practices and clearly defined user roles to ensure a consistent analytic approach throughout the security organization.”

Chang describes an exfiltration example in which a user “normally might access five files an hour, and isn’t it a bit strange, he’s now accessing 3,000 files per minute? Windows does not provide that level of intelligence and auditing.” Security analytics can.

Limiting breaches

Although effective governance can decrease the likelihood of breaches, it can also reduce the damage incurred by breaches both before and after their occurrence. Wright references the notion of data minimization in the context of GDPR, in which organizations minimize data based on operational needs: “Proper governance at an organization takes an enterprise look at what personal data should remain and what needs to be erased. This aspect alone will limit the amount of records and the severity of data breaches.”

Governance can not only limit the effect of breaches, but also indicate optimal recovery means. Christiaens says, “Governance gives you the answer right away like where did we get breached, what got stolen, what was at risk, what was the data in there. Next, who was the owner of that data, so you can immediately go and talk to that person to assess the scope and the size, as well as plan any mitigation or recovery actions.”