Data Security Trends And Technologies To Know
Posted July 21, 2023 by Sayers
The security technologies that protect your data integrity and confidentiality should also ensure your data is available for business innovation and support business goals.
That’s one of the key takeaways from the 2023 Gartner Security and Risk Management Summit, which Sayers representatives attended.
The conference gave data security plenty of attention, as organizations look for more effective ways to handle, consume, and protect their data in the face of ever-evolving threats.
We’ve highlighted several data security trends and technologies to know from the summit.
Integrate Data Security With Business Goals
An overarching theme heard at the Gartner conference is the importance of connecting cybersecurity to business outcomes. That means using security technologies as business enablers rather than obstructions. Think of them as guardrails, not gates, to safely enable the users of business data and applications.
Data security in particular has been driven by incidents and compliance needs but is evolving to become more business-centric.
Chris Glanden, Sayers Senior Security Architect, says:
“We’ll see more integration of data security technologies with adjacent top technology investments, such as an organization’s API architecture and DevSecOps pipeline. Organizations opting for data security as a service will benefit from the DSaaS provider’s expertise, continuous monitoring, and immediate access to the latest and greatest security technologies.”
Other technology investment areas where we can expect data security to become more integrated include:
- Business intelligence and data analytics, with the need to enforce data governance, encryption, access controls, and privacy controls.
- AI and machine learning pipelines, where algorithms heavily depend on large volumes of data for their training models and decision-making. This makes the need for protecting that data more critical.
- Cloud platforms, where data security technologies provide a unified approach to monitor and enforce security policies across various data environments.
Current Trends In Data Security
From encryption to posture management, several areas of innovation are bringing in a new era of data security. We took note of the following trends from the Gartner Security and Risk Management Summit:
Data Security Platforms (DSPs) have become the de facto standard for securing cloud-based data lakes.
A DSP is a unified set of data security controls governed by a common policy mechanism, enforced through dynamic access control. Many of the popular DSPs primarily focus on securing cloud-based databases.
Data Security Posture Management (DSPM) significantly contributes to data observability across structured and unstructured data in the cloud.
DSPM offers comprehensive visibility into the location of sensitive data, so you can see who has access, where the data goes, how it flows, and the security status of stored data or applications.
According to Gartner:
“DSPM technologies can discover unknown data and categorize structured and unstructured data across cloud service platforms. Security and risk management leaders can also use them to identify security and privacy risks as data spreads through pipelines and across geographic boundaries.”
Data Loss Prevention (DLP) And Data Access Governance (DAG) remain popular.
Data loss prevention tools help protect data whether it’s at rest, in use, or in transit, applying policies and/or data access and usage rights. The likelihood of human error leading to data breaches has contributed to DLP’s wide adoption.
Data access governance provides insight into sensitive, unstructured data that’s scattered throughout the organization. DAG enforces policy to control scattered data and operates at the intersection of data security and identity management.
Encryption Continues To Evolve For Post-Quantum Readiness.
Encryption remains a strong security measure, with more innovations expected in preparation for the potential ability of quantum computing to break data-protecting encryption keys. Gartner doesn’t expect the damaging impact on data security until the 2028-2031 timeframe, which means technology vendors have time to prepare.
Expect More Vendor Consolidation And Technology Convergence Ahead.
Organizations are wanting to move to fewer security technology providers, while vendors look to converge technologies into platform offerings. According to a 2022 Gartner survey:
75% of organizations are pursuing security vendor consolidation, up from 29% in 2020.
Vendors moving toward a convergence of data security technologies results in platforms that bring together complementary solutions such as data loss prevention, database activity monitoring (DAM), and data-centric audit and protection (DCAP) solutions. DAM tools analyze database user activity to uncover fraudulent or otherwise unwanted data access. DCAP products help address threats and compliance issues for critical data stored across on-premise or cloud silos.
To manage the complexities of data security and other areas of cybersecurity, Gartner describes a cybersecurity mesh architecture (CSMA) that tightly integrates different technologies using a “minimum viable” approach. This approach considers the minimum set of tools that can achieve the business outcomes you want.
Ken Wisniewski, Sayers Senior Security Architect, says:
“CSMA looks not only at how tightly your tools integrate but more importantly, what specific strategies and challenges do they solve for? What are your overall goals versus having a tool for every last thing out there.”
On The Horizon: New Approaches In Data Security
The Gartner conference provided a look at new areas of cybersecurity where technology vendors are starting to offer solutions.
Automated moving target defense (AMTD) is a growing area of data security technologies that shift from detection and response to proactive and preventative capabilities.
AMTD technology hides operating systems and application targets from adversaries by constantly and unpredictably changing the attack surface. This makes it more difficult for attackers to identify and exploit vulnerabilities, while making automated attack tools less effective.
Gartner predicts by 2025, AMTD-based solutions will displace at least 15% of traditional cybersecurity solutions that are focused on detection and response only, up from less than 2% in 2023.
“When adversaries do reconnaissance, they build their playbook to breach the organization based on what they see,” says Chris Willis, Sayers VP of Cybersecurity and Network Engineering. “But if you’re constantly moving the targets, you’re affecting their reconnaissance and preventing their attack.”
Application security posture management (ASPM) provides visibility into security issues across software development, deployment, and operation activities.
“Gartner recognizes application security is a data problem at its core,” Glanden says. “ASPM will solve problems such as tool fatigue and fractured responsibilities across a wide range of large groups who are using a variety of development and security tools, especially in a SaaS environment.”
“By 2026, over 40% of organizations developing proprietary applications will adopt ASPM to more rapidly identify and resolve application security issues.”
Questions? Contact us at Sayers today to learn how these and other data security technologies can help your business.