Enza Iannopollo, principal analyst at Forrester, recently answered some of the pressing questions we’ve received when it comes to data security, and more importantly building the foundations of your data security strategy. Today we’re looking at what Enza had to say about the prime mix of technologies when it comes to data protection.
Q: What mix of technologies do you see as being the optimum for a strong data protection stance?
Enza: When it comes to data privacy and security, there are two factors that determine what it takes to build a strong data protection approach:
1. Every organization has a specific maturity level, and this influences the mix of technology the organization should be looking at.
2. The risk appetite that each organization has about data privacy and security.
Gaining a good understanding of where data is and what it is that requires protection it is particularly important. Using technology that can help with this task, such as data discovery and classification, is a good starting point. Establishing and enforcing access rights is critical and this can be achieved through IAM (can we define IAM?). Controls that allow users to enforce and monitor policies are also especially important – such as encryption and other de-identification tools, enterprise key management, and Data Loss Prevention (DLP), for example. Finally, technology that supports program management and oversight, especially around risk, is also crucial.