Joyce Wells, managing editor of Database Trends and Applications magazine, published What We Can Learn from the Sony Hack on December, 23, 2014 to provide insight from industry experts into the lessons that can be learned from one of the most high profile data breaches of 2014. Protegrity CEO Suni Munshani is quoted throughout the article. Excerpts are included here:
“Now is the time for companies to stop living in the past,” stated Suni Munshani, CEO of Protegrity, a Connecticut-based provider of enterprise data security software and services. “Attackers have gained ground and are 10 steps ahead of today’s typical enterprise. Companies must view security as a dynamic challenge and use the best technologies to protect their data if they hope to stand a fighting chance.”
“Data used to be considered critical to the business. Today, data is at the very core of the business. Eventually, data will find its way on to balance sheets with tangible asset value,” pointed out Munshani.
Increasingly, he said, large corporations are motivated more by the extraordinary possibilities of monetizing the data they possess than they are by fear of the reputational risk associated with that data getting into the wrong hands. As the speed of innovation with what can be done with data spikes, data security gaps are being created.
The only way to truly protect data today is to adopt security measures that move with the data—whether inside or outside of the corporate network, across borders and enterprises, and throughout its lifecycle, said Munshani.
“Data-centric security technologies such as tokenization have been developed to protect data at a highly granular-level, without limiting the data’s value potential in analytics and other business processes.”
Organizations should also establish a strict data security policy and educate business users about data security and enforce a consistent message across the enterprise.
According to Munshani, “Such a policy needs to address several key factors, including: which information needs security, who can access it, where and when it can be accessed, how it’s protected, and keeping thorough logs on all access attempts. It is also essential to ensure that your data access policy is driven at the enterprise-level, versus a traditional system-by-system silo approach.”