Why The Security Industry Needs The Channel To Spark Changes
Q&A with Perry Dickau, director of product management at DataGravity
Q: In recent years, we’ve seen an industry-wide attempt to improve data security. What’s driving this effort?
Dickau: No one is safe from a breach, and we all know it far too well. The high-profile breaches at major corporations such as Target and Sony put urgent pressure on companies to find solutions that get the security job done right. For a long time, the IT status quo was a reactionary approach to data protection and threat management — building taller walls and digging deeper moats to secure the data perimeter without fully analyzing the sensitivity of its contents. Now, we know security tools of the past aren’t working, and the only option to protect your business has become a race against the clock to ensure data is protected before an attack hits.
Q: How can channel professionals help their clients get proactive about security changes?
Dickau: Channel pros need to educate organizations about the absolute need of data awareness as a core element to a holistic security program. Most companies have no visibility into what’s actually in their data, and it’s a fundamental problem plaguing the industry: how can they protect what they don’t know they have? This problem exists across the entire lifecycle of content as well: from when it’s first created and stored, to how it’s accessed, moved, and managed across servers and networks, to how it’s shared both inside and outside of the organization. Companies are vulnerable at each one of these points, and more. Foundationally, organizations must become data-aware so they can recognize and protect what is most valuable. Data security needs to be everywhere and touching every person within an organization.
It’s crucial for IT resellers to focus on education as they work with new clients, highlighting use cases in which becoming data-aware reduces risks and secures data. For example, if your customers adhere to strict industry regulations, such as payment card industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA) or Sarbanes-Oxley, you should offer tools that help customers run audits quickly and identify potential exposures long before a third party can locate them.
As a channel partner, you should also help clients understand that even organizations outside of the industries that are traditionally most concerned with such compliance — such as healthcare, financial services or government agencies — need to know what’s in their data and be able to protect it. According to the Ponemon Institute, more than 40 percent of all U.S. companies have experienced a data breach in the past year, and the average breach costs $3.5 million. Ask your clients, “Can you afford that? Would you avoid it if you could? Are you prepared to catch an exposure before a breach wreaks havoc?”
Q: Where are the majority of those breaches coming from?
Dickau: It’s important to show clients that not every breach is the result of an external hack. Ponemon reports that 78 percent of data breaches happen because of employee actions — an employee accidentally misplaces a sensitive file or a disgruntled worker takes out his frustration by deleting or exposing critical data. Although hackers are a major concern and facing them involves a certain skill set, you can increase your customers’ awareness about the other scenarios that can result in data theft. Privileged user data access is something companies should be concerned about and be able monitor as part of a holistic security program. For example, when an employee plans to leave an organization — say, a lawyer wants to split from her firm and establish an independent practice — she may transfer certain files from the company server over time and delete them to recruit the firm’s clients to her new venture. Or, an engineer may spend months training with a technology company to become versed in the building and management of the company’s intellectual property (IP), only to use this information to market it to one of the company’s competitors.
In these situations, your clients’ network security efforts will still leave internal data vulnerable. Provide user-access auditing and data visualization tools to track files as they’re read, written, deleted, or updated, and to provide insight into anomalous behavior or activity. This way, you can reduce the fallout of security issues by quickly identifying the involved parties, timeline, and extent of a breach. This strategy will ensure more strategic resource allocation for your customers as well, as they’ll be able to easily restore deleted or lost files and improve employee productivity.
Q: What should IT teams and companies expect in terms of the future of data security?
Dickau: The security landscape is only going to get more complex. The message at the recent RSA Conference was clear: the breaches that shook us in 2014 will likely seem paltry compared to the developments we’ll see in the next few years. With this in mind, channel pros and IT teams alike should keep in mind that major shifts won’t happen overnight. Most companies make changes incrementally, but that doesn’t make them any less effective in the long run. Luckily, there’s a common understanding in today’s security industry that we’re all in this together. As a reseller, encourage your customers to get proactive and pilot new data-aware strategies, products and ideas that can help them achieve security goals and improve holistic data health over time.
Perry Dickau is the director of product management at DataGravity. He is responsible for providing guidance on product direction and development, technologies, standards, best practices and industry trends for data governance, risk management and compliance. Dickau brings more than 20 years of experience in product management to the DataGravity team, and previously served as a product manager at AvePoint and other technology leaders. He holds a Bachelor of Science in electrical and computer engineering from the University of New Hampshire.