DATA SECURITY INTELLIGENCE FUTURE STATE



Similar documents
Teradata and Protegrity High-Value Protection for High-Value Data

how can I comprehensively control sensitive content within Microsoft SharePoint?

Chief Security Strategist Symantec Public Sector

Payment Card Industry Data Security Standard

The Benefits of an Integrated Approach to Security in the Cloud

IBM Security Intelligence Strategy

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Maintaining PCI-DSS compliance. Daniele Bertolotti Antonio Ricci

Authentication Strategy: Balancing Security and Convenience

Securing and protecting the organization s most sensitive data

Preemptive security solutions for healthcare

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

HP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

Symantec Consulting Services

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

IT audit updates. Current hot topics and key considerations. IT risk assessment leading practices

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015

IBM Security QRadar Risk Manager

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

IBM QRadar Security Intelligence April 2013

Safeguarding the cloud with IBM Dynamic Cloud Security

AccelOps Cloud Security Survey 2013

SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

overview Enterprise Security Solutions

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?

Stay ahead of insiderthreats with predictive,intelligent security

TRITON APX. Websense TRITON APX

Data Loss Prevention Best Practices for Healthcare

Endpoint Security More secure. Less complex. Less costs... More control.

Protecting against cyber threats and security breaches

Comprehensive real-time protection against Advanced Threats and data theft

Security of Cloud Computing for the Power Grid

Managing IT Security with Penetration Testing

End-user Security Analytics Strengthens Protection with ArcSight

ENABLING FAST RESPONSES THREAT MONITORING

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Empower Decision-Making with Information Insight Veritas Information Governance Solutions

Fidelis XPS Power Tools. Gaining Visibility Into Your Cloud: Cloud Services Security. February 2012 PAGE 1 PAGE 1

The Cloud App Visibility Blindspot

Secure Your Mobile Workplace

A Buyer s Guide to Enterprise Performance Management Suites

Continuous Network Monitoring

McAfee Network Security Platform Services solutions for Managed Service Providers (MSPs)

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Increase insight. Reduce risk. Feel confident.

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE

INFORMATION PROTECTION

Data loss prevention and endpoint security. Survey findings

Breach Found. Did It Hurt?

How to Secure Your Environment

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Empowering Your Business in the Cloud Without Compromising Security

Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

10 Building Blocks for Securing File Data

Addressing Security for Hybrid Cloud

HP Application Security Center

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

FIVE PRACTICAL STEPS

Test Data Management for Security and Compliance

2012 North American Managed Security Service Providers Growth Leadership Award

Strategies for assessing cloud security

1 Introduction Product Description Strengths and Challenges Copyright... 5

Phone: Fax:

The State of Data Centric Security

Leveraging a Maturity Model to Achieve Proactive Compliance

TRITON AP-ENDPOINT STOP ADVANCED THREATS AND SECURE SENSITIVE DATA FOR ROAMING USERS

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

CYBER SECURITY, A GROWING CIO PRIORITY

ISOAG Meeting December 2, 2015

Informatica Solutions for Healthcare Providers. Unlock the Potential of Data Driven Healthcare

The Oracle Mobile Security Suite: Secure Adoption of BYOD

REVOLUTIONIZING ADVANCED THREAT PROTECTION

How Do Threat Actors Move Deeper Into Your Network?

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Find the needle in the security haystack

SAP Product and Cloud Security Strategy

SPEAR PHISHING AN ENTRY POINT FOR APTS

Seven Things To Consider When Evaluating Privileged Account Security Solutions

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

2015 VORMETRIC INSIDER THREAT REPORT

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Cisco Advanced Malware Protection for Endpoints

Repave the Cloud-Data Breach Collision Course

INTRODUCING isheriff CLOUD SECURITY

Accenture Federal Services. Federal Solutions for Asset Lifecycle Management

How To Protect Your Organization From Insider Threats

NASCIO 2015 State IT Recognition Awards

Integrating MSS, SEP and NGFW to catch targeted APTs

IBM Security Privileged Identity Manager helps prevent insider threats

Transcription:

DATA SECURITY INTELLIGENCE FUTURE STATE White Paper EXECUTIVE SUMMARY In this White Paper, Neuralytix analyzes the Data Security Intelligence (DSI) market. Our research indicates that this market will reach US$800M by 2018, growing at a CAGR of 27.8%. North America and EMEA will be responsible for over 95% of the DSI spend. The framework behind DSI enables enterprises to understand the risk and profile of the data they retain. This framework not only helps to minimize risk, but can also maximize enterprise value and competitive advantage. The Internet is inherently insecure. Even the most secure network and host solutions will eventually be breached. Moreover, insiders present special challenges, as they may be unwitting aids to breaches through social engineering or human error. Enterprises must turn towards a data-centric approach to data security. Ultimately, data security is not just the responsibility of IT, but requires an organization-wide understanding of the value, opportunity, and risk of the vast array of data sources available to an enterprise. The DSI technology portfolio and a resetting of business processes will ensure success, growth, and security for the enterprise. Ben Woo & Matt Healey 4/2/2015 Document #: 194328 Template rev. 02/15

TABLE OF CONTENTS INTRODUCTION... 3 Security Technology Segment Evolution... 3 Data Proliferation Is on the Rise... 4 DATA-CENTRIC SECURITY - THE NEXT BIG THING... 5 It s All About Securing the Data... 6 The Approach... 6 The Data Security Intelligence Market... 7 CONCLUSION... 8 What Can Users Do today?... 8 Opportunities for System Integrators... 9 Data Security Intelligence... 9 DSI Generates Business Value... 9 APPENDIX... 11 Terms and Definitions... 11 Market Definition... 11 Consumption models... 11 Exclusions... 12 Data Security Intelligence Future State 2

INTRODUCTION What do Apple, Dairy Queen, UPS, and Yahoo! have in common? These multi-national companies have all been on the receiving end of public and embarrassing cyber-attacks in 2014. Figure 1 is an infographic that visually depicts the largest reported data breaches around the world, and the number of records stolen since 2011. Figure 1: World's Biggest Data Breaches (Information is Beautiful 2015) Security Technology Segment Evolution Over the last quarter century, as shown in Figure 2, the evolution of successfully adopted security technology segments has witnessed remarkably common go-to-market and adoption patterns. Each major player in key segments such as intrusion detection (IDS), data loss prevention (DLP), and Advanced Persistent Threat (APT) to Cloud Security began with a technology that offered visualization of the problem. Each segment evolved to real-time detection, and then to protection. This shows that a major requirement for adopting new security approaches is being able to communicate the threat to a non-technical, non-security-savvy audience (i.e. C-Suite executives and Boards of Directors). Data Security Intelligence Future State 3

Figure 2: Data Security Maturity Over Time (Neuralytix, 2015) As we look into the future trends of information technology, vendors investing in this market should take heed of these common success criteria. Data Proliferation Is on the Rise The traditional approach to security had been to protect the network and endpoints such as laptops and mobile devices. However, these approaches by themselves are neither sufficient nor effective, as data proliferates exponentially across the enterprise and beyond the perimeter of an enterprise firewall or national border. Data exposure is a function of its proliferation from the original point of creation. Measuring risk is no longer just a function of keeping malicious people out. It is also about making sure that employees do not inadvertently (or intentionally) expose sensitive or regulated data. An increasing number of regulations govern the privacy and sensitivity of data. As mentioned above, security risks are not only coming from outside the enterprise, but from inside as well. In many cases, the breaches will not be detected until months after the attack has taken place. This, in part, is due to the proliferation of data and the lack of visibility and controls that follow the data wherever it is copied. Nevertheless, this extends beyond proliferation of data. Data sources both internal and external to an enterprise are insecure. Data that may have originated external to an organization (e.g. email, social media, etc.) may infiltrate inside an organization through techniques such as phishing and malware. These threats expose enterprises to new and fast-evolving data security risks. The need to integrate disparate datasets from internal and external sources (and by extension, varying levels of data security) is also Data Security Intelligence Future State 4

increasing the risk of exposure, as most enterprises outsource common transaction-based business processes to cloud and thirdparty vendors. Apart from the damaging optics to an enterprise, consumers are losing trust in otherwise bona fide enterprises, as those with traditional security controls are breaking their promises of keeping consumer, patient and employee data safe. DATA-CENTRIC SECURITY - THE NEXT BIG THING By deploying data security intelligence in combination with data security controls, enterprises can gain active insight into where risks exist and proactively set controls to mitigate the impact in the event of a data breach. The rise of Advanced Persistent Threats, and the availability of alternatives to traditional internal IT operations, by way of shadow IT services, including (but not limited to) email, file sharing, and Software-as-a-Service applications that mirror or improve on internal IT services, gave way to a realization that IDS, DLP, APT and Cloud Security alone are insufficient to protect data. The emphasis on data security has become significant and is not just about keeping people out, but equally about keeping data visible to those who are authorized to see it. Data-Centric Security is an approach to security that focuses on the data itself: to cover the gaps of traditional network, host and application security solutions. Data management vendors like Informatica believe that enterprises are deploying data-centric security controls because they need additional safeguards as threats escalate and data proliferates. As noted earlier, internal and external parts of the enterprise can be a source of data security risk, and having intelligence with respect to all data is critical. In fact, Advanced Persistent Threats (APT) are likely to cause data security risks even more than data proliferation. Enterprise security leaders understand that visualization, in addition to real-time detection (and ultimately protection) of potential data threats, is just as important when attempting to justify spending security budgets on additional security controls. By deploying data security intelligence in combination with data security controls, enterprises can gain active insight into where risks exist and proactively set controls to mitigate the impact in the event of a data breach. Data Security Intelligence Future State 5

It s All About Securing the Data In today s data-prolific world, another facet must pivot to the front lines: data security. It is no longer just about protecting domains and applications. Data security is about protecting individual data objects that traverse across networks, in and out of a public or private cloud, and from source applications to targets such as partner systems, back office SaaS applications or data warehouses and analytics platforms. Data needs to not only be governed by corporate policies, but also by (often competing) legislative and regulatory compliance especially when these target systems mean that data crosses national borders. This is not an easy task. Data security demands the cooperation of all executive and senior management to address this issue. The Approach The approach needed to begin to address the data security imperative is a multi-step process (see Figure 3 below). Data Definitions Data Classification and Diiscovery Data Security Intelligence Data Security Controls Enterprises define what are the classes of data, and its sensitivity Ownership of data must be assigned to organizational and LOB leaders Enterprises need to understand what data they have, and classify and discover data based on Data Definitions Data risk analysis can be conducted and data security and privacy risks can be identified, analyzed and prioritized. Based on data risks, controls are deployed for remediation. These controls include masking, encryption, tokenizations, access controls and data retirement and archive. Figure 3: The Approach to Modern Data Centric Security (Neuralytix 2015) Enterprises must first start with defining and segmenting the types of data they own. That way, data stewards or owners can be assigned and made responsible to create the necessary policies to govern that data. Data steward residency is often in the line of business, not in IT this varies by industry and region. Data Security Intelligence Future State 6

With this ownership and understanding, enterprises must engage in data discovery so that all data within the business unit (or ideally, the enterprise) can be classified based on policy. Only when this is completed can true intelligence and insight be assessed to compute and analyze risk and exposure of data. This way, a security risk assessment can be undertaken, and ultimately, data security controls can be prioritized based on the highest risk and implemented accordingly. The Data Security Intelligence Market Neuralytix research shows that the overall data security intelligence (DSI) market, which was valued at roughly $247M in 2013, will reach almost US$800M by 2018, growing at a CAGR of 27.8% between 2014 and 2018 (see Figure 4). DSI is comprised of technology that provides the definition, classification, discovery, and assessment phases of a data-centric security approach. This model does not include the Data Security controls market, such as data masking or encryption. Not surprisingly, North America (the United States in particular), and Europe will continue to be the largest consumers of data security software. By 2018, these two regions will make up 96% of the data security market (see Figure 4). $900 $800 $700 $600 $500 $400 $300 $200 $100 $- Data classification and risk analytics market ($M) 2013 2014 2015 2016 2017 2018 $247.5 $299.2 $362.4 $451.7 $592.6 $799.5 Annual Growth rate 21% 21% 25% 31% 35% 40% 35% 30% 25% 20% 15% 10% 5% 0% Figure 4: The Data Security Intelligence Market (Neuralytix 2015) Data Security Intelligence Future State 7

The increasing growth of the market is comparable to other security segments based on adoption and maturity of vendor offerings. $900 $800 $700 $600 $500 $400 $300 $200 $100 $- 2013 2014 2015 2016 2017 2018 North America South America EMEA AP+J Figure 5: Data Security Intelligence Market by Region (Neuralytix 2015) It is expected that regulations will drive adoption of data security intelligence offerings. The adoption of legislation with effective enforcing tenets (i.e. fines, imprisonment) is strongest in North America and EMEA with South America offering the greatest room for improvement. CONCLUSION What Can Users Do today? Neuralytix research suggests enterprise users must immediately start or sustain the data-centric security approach journey laid out in Figure 3 above. Data-centric security goes beyond basic governance. The impact on an enterprise goes beyond the exposure of its data. The public embarrassment that goes along with an enterprise s inability to secure and keep private its customer or any other sensitive data has a lasting effect on customer confidence towards the enterprise. As the adage goes, it is cheaper to retain a customer than to find a new one! With so much competition in every industry, and the globalization of commerce, customers have more opportunities to switch providers than ever before. Those organizations that adopt a data-centric security approach sooner than their competitors will win over the trust of their customers, stakeholders, and employees. Data Security Intelligence Future State 8

Opportunities for System Integrators For system integrators, the last 10 years have primarily focused on infrastructure and physical controls based on a defined network perimeter. Between consolidation, virtualization, and other optimizations, these cost-mitigating actions have almost run their course. The opportunity is bountiful for system integrators to move beyond the highly competitive infrastructure integration business, and move to the higher-value data security intelligence business. This is more apparent in an industry with a significant shortage of data security skillsets. All system integrator customers have seen the disastrous public humiliation of some of the world s most trusted and largest companies due to failures to control data security. By helping enterprises understand the impact, and providing them with solutions to gain intelligence into the effectiveness of their data security policies, there is a vast opportunity for consulting, integration and maintenance of these environments. Data Security Intelligence Data security intelligence is a framework for understanding the risk of sensitive or confidential data and recommending the optimal set of controls to mitigate that risk. DSI is comprised of technology that provides the definition, classification, discovery, and assessment phases of a data-centric security approach. Typical users of DSI are security architects, CISOs, CPOs, security architects and data stewards. Consumers of intelligence reports span to lines of businesses, the C-Suite and BOD members. DSI should not replace existing security frameworks and should be used with complimentary security technologies and platforms. DSI technologies speed the discovery and identification of risk, assist in decision-making processes such that security controls are procured and implemented based on evidence of high risk. DSI Generates Business Value While this Paper has focused on the definitions, classification, intelligence and controls of a data-centric enterprise, Neuralytix hastens to note that apart from security, the processes described herein go beyond risk mitigation. Data Security Intelligence Future State 9

The definition and classification of data has very strong economic benefits for enterprises. Once classified, data has new value that can be exploited by the enterprise to generate growth and competitive advantage. Data Security Intelligence Future State 10

APPENDIX Terms and Definitions Market Definition The Data classification and risk analysis market is composed of the following sub-markets. Data Discovery The data discovery market consists of software that scans the enterprise environment and identifies the data stored in that environment. This capability is often the first step in the broader discovery and classification of data. Sensitive Data Classification The data classification market is comprised of software that identifies and classifies the sensitivity of data. The data can be structured or unstructured data. Data Security Risk Analytics The risk analytics market is comprised of software that evaluates and displays the extent to which data is accessible, in use, exposed, and proliferated. Products may provide anomaly detection, uncover suspicious data usage patterns, and utilize behavioral analytics. The software indicates varying degrees of risk to enable users to identify and prioritize areas of high risk and take appropriate action. Consumption models This market includes the following end user consumption models Traditional On-Premises software This represents the traditional approach to software deployment on premises. In this model, the end user either purchases or subscribes the software license from the provider and deploys the software in their environment. This category includes both the initial software license (perpetual or subscription) and the ongoing maintenance. Public Cloud In this consumption model, the customer pays a fee for the use of the software. In this model, the end user does not own the license for the software. Furthermore, the public cloud is a multi-tenant environment. The environment resides in the provider s data center. Private Cloud In this consumption model, the customer pays a fee for the use of the software. In this model, the end user does not own the license for the software. This model differs from the public cloud in that, rather than a Data Security Intelligence Future State 11

Exclusions multi-tenant environment, a private cloud represents a single-tenant environment. The environment may reside in either the customer or the provider s data center. This market excludes the following: Professional Services The professional services are not included. These include IT consulting and systems integration. IT consulting is comprised of services that assist the user in identifying and selecting software. Systems integration services are comprised of the services associated with deploying the software in the customer s environment. Support Services On-going support services are not included. Support is comprised of services that fix problems associated with the software. They are delivered through on-site support, phone support, and remote support. For services to be considered support and not software maintenance, the customer needs to have either purchased a higher level of support, e.g. gold support, or purchased the services from a third party. Basic support services that are included with the software maintenance agreement are not considered support services and as such are included in the software forecast. CONTACT US To learn more about Neuralytix and our other solutions, contact your local representative or visit Neuralytix.com. Copyright 2015 Neuralytix, Inc. All Rights Reserved The information in this publication is provided as is. Neuralytix, Inc. makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Neuralytix believes the information contained herein is accurate as of its publication date. The information is subject to change without notice. Neuralytix, the Neuralytix logo, the Hex logo, Neuralytix iq are registered trademarks or trademarks of Neuralytix, Inc. All other trademarks used herein are the property of their respective owners. Data Security Intelligence Future State 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information