At the Gartner Security & Risk Summit in London, Velotix had the chance to connect with analysts, partners, and other industry leaders. The conference addressed the most significant challenges faced by security & risk leaders. Noam Biran, Velotix’s VP Product, describes how the conference emphasized the importance of data security:
The Gartner Security and Risk Management Summit in London was a great experience and allowed me to gain key insights on where the data security sector is headed.
There was a feeling that data security is the stepson of the security space – both regarding the time allocated to it and in the size of rooms dedicated to lectures in this area in the conference specifically. However, on a more meta level, I also felt an honest attempt by Gartner to elevate the importance of it and position it high on the agenda of decision makers. There were various talks about how to make data security an integral part of the organizational security plan.
According to Gartner, “most larger enterprises still keep data security limited to the search for potential attackers and fail to adopt the right data security controls”. A particularly interesting discussion addressed the current fragmented nature of data security and the expected convergence. When it comes to data security, organizations are motivated by three things: stopping external cyber attacks, data leakage prevention, and proper compliance and avoidance of penalties. However, there is currently no holistic approach. Instead, organizations have taken each component and addressed it in their own respective siloes with their own respective tools.
An end to end governance strategy would take each component and use one tool to address each touchpoint of the data access lifecycle. I resonated with this point and see the future moving towards this holistic approach because I come from a company that understands the importance of data security and has itself created a holistic solution to data security, without neglecting key aspects in the lifecycle like discoverability and automated policy management.
Another discussion was about “dark data” – the data that we don’t know exists and therefore do not manage or protect it properly. Most often, this is a result of poor lineage and lack of controls to track all the data transformations that exist out there. Due to the evolving nature of the data security area, there was much more focus on existing tools and methodologies, but very little time allocated to discussing the formulation of data access policies and how to automate this process. Ironically, this is overlooked by many organizations, even though customers of all sizes express a challenge and pain in managing the data access policy.
I do hope to see data security and automation playing a more key role in next year’s summit and already see such signs of increasing importance in the eyes of the leading enterprises I’m speaking to.