Navigating the Data Security Landscape

Data security controls must be customized and prioritized according to the unique needs of any organization. This would depend on several factors including their business model, type of data they have, where they are in their security journey, and so on. Doing so maximizes security while optimizing resource allocation and operational efficiency.

However, in practice organizations often find that defining the location and risk of their datasets and implementing security controls on them is anything but straightforward. This complexity is often due to two reasons:

Data proliferation
As organizations become data driven, they have more and more sensitive data which is seemingly everywhere.

Heterogenous datasets
The implementation of specific controls for datasets is influenced by the type of asset where the data resides, necessitating thoughtful consideration of whether and how a particular control can be effectively deployed.

In practice, that becomes a hard problem so we have devised the following strategy for solving it:

We recommend bucketing your datasets into one or more 'asset types'. Each asset type essentially represents a class of datasets that are roughly equivalent in risk and value to a given organization, and could be secured using a homogenous set of tools.

Based on a survey of nearly a 100 security leaders across a cross section of industry, we believe that the following list of asset types, while not exhaustive for every organization, is a good starting point and should be valuable for most scenarios.