- Cybersecurity attacks have increased post the pandemic.
- With increased attacks, organizations have prioritized a data-centric security approach.
With the data-centric approach, the organizations are trying to reduce cyber risk and eliminate internal business growth barriers according to the study titled “Making Your Business Cyber Resilient in 2021”. Based on the interviews with 215 IT decision-makers, which consisted of 63% of directors and 29% of Vice presidents reported that IT leaders have been trying to balance the cyber risk with the demands of keeping their business functional.
Enterprise IT teams need to protect the organizations’ data from accidental attacks and cyber-attacks yet they cannot use security controls which makes it impossible for the business to remain functional.
What is data-centric security?
According to data-centric security, the priority is on securing the data. Based on where it is stored and processed instead of focusing and security controls for hardware and network infrastructure. Data-centric models also use a zero-trust approach by the application of the principle of least privilege for the determination of user access. Having this approach reduces cyber-attack risk because the user requests are given privileged access only when needed.
The perpetuation of cyberattacks during the pandemic has been one of the several factors which make data-centric security a priority. It has also proved to be a catalyst that is putting a greater emphasis on identity and access management, cybersecurity controls, and endpoint security.
In recent guidance, even the National Security Agency emphasized the zero trust and data-centric security approach. The “data-centric security model allows the concept of least-privileged access to be applied for every access decision, allowing or denying access to resources based on the combination of several contextual factors,” the NSA said.
Why does data-centric security matter?
The Capgemini and Forrester study expressed the way organizations are prioritizing cyber resilience is a way to skill data-centric security.
Data-centric security is dominating budgets:
Up to 75% of companies that plan to increase the cybersecurity budgets in response to the covid-19 pandemic, about 70% of them said that they prioritized data-centric security.
A Healthcare CISO said that they accelerated their plans to develop zero-trust frameworks in response to new security concerns over last year. The protection of existing and new digital sales channels was always important but it has become urgent during the pandemic because of the changes in customer buying patterns.
Cyber resiliency protects revenue:
Threats to organizational channels operations and revenue have increased over the last year compared to the levels seen before the pandemic according to 68% of survey respondents. A little over three-quarters of the survey participants claimed that the digital business group quickly and made it difficult for the organizations to be cyber resilient.
6 in 10 organizations don’t have access to write tools or Technology which explains the cybersecurity spend increased by 66% last year.
Definition of a cyber-resilient roadmap:
organizations are developing cyber resilience roadmaps as part of their zero trust drive. They want to include greater visibility across every point and be able to enforce the least privileged access to each of the data sets. We also want to eliminate the risk and barriers to online revenue growth. A study found that IT leaders want skilled employees and foundational security management.
Starting with data-centric security:
Which cybersecurity attacks having a focus on data assets, endpoints, and user roles during the pandemic, organizations opt for a zero-trust framework as the data-centric security strategy. Capgemini and Forrester’s report provides a glimpse into how organizations turn their data-centric investments into concrete security management. data-centric models deliver optimized value when they improve the application, tool, and device visibility across the organizations.
Identity and access management (IAM), cybersecurity controls and endpoint security provide the required level of visibility. The leading vendors in IAM include BeyondTrust, Centrify, CyberArk, Ivanti, and Thycotic. The industry experts for endpoint security vendors include Absolute Software, Crowdstrike, Cybereason, and Ivanti. The study Oxford results reflect how cyber resilience has become essential for revenue protection, data-centric security roadmap definition, and cybersecurity decision management from a business perspective.
An investment in cybersecurity is primarily a business decision rather than a technological one. The increasing cyber-attacks on data assets and points and identities directly affect revenue and can hinder new online sales channel growth. The NSA’s prescriptive guidance on the zero-trust initiative comes as many organizations struggle to define their data-centric security strategies.
“Zero trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgment that threats exist both inside and outside traditional network boundaries,” the NSA said in its guidance.
