Strengthening IT Governance in the Face of Persistent Threats

Author: Felix Muckenfuß, CIPM, CIPP/E
Date Published: 21 May 2024

Today’s infosec teams often face new and complex challenges in an increasingly unpredictable digital environment. They are responsible for protecting an overwhelming amount of data across multiple systems. Moreover, they face an increasing attack surface and an unprecedented frequency of breaches.

In 2023, the global average cost of a data breach rose to US$4.45 million,1 a 15% increase over the past three years. Legal and regulatory bodies have continuously tightened security standards in response, and the rules are updated every year.

Organizations are subject to multiple regulations governing data retention and storage, information systems, sensitive data, and consumer privacy. Regulatory compliance, coupled with pressure from consumers and stakeholders, demands a formal IT governance framework to ensure data security.

The Challenge: Disconnected Data and Operational Silos

Many organizations manage their data privacy and security initiatives in isolated silos. It is common for privacy teams to manage data mapping and maintain records of processing activities (RoPA), security teams to monitor risks and controls, and data governance teams to build data catalogs and enforce stewardship. This fragmented approach is underscored by a recent survey revealing that 75% of executives perceive their organizations as overly complex, thereby increasing risk exposure.2

Complexity often hinders understanding, and a good understanding of an organization’s data—from the types and volume to the storage and disposal—is key to building a security infrastructure.


Left unchecked, siloed environments and unnecessary complexities can create inefficiencies, duplicate data, and wasted resources, making it difficult to maintain end-to-end security.

The Solution: Increased Visibility Across the Ecosystem

While most information security leaders have an IT governance plan, they often lack a comprehensive view of their data and its associated risk. Even the best-laid plans will fail without the visibility to put the required policies into practice.

Operational visibility eliminates silos and complex workflows, providing real-time insight into what data exists, why, and where it is located.

Consolidating this information helps identify blind spots and compliance gaps, helping guard against potential risk. By understanding how IT governance affects day-to-day operations, organizations can optimize programs to suit their unique needs and goals.

Key Questions to Consider

When implementing an IT governance program, there are critical questions to ask. Answering them can help create a more in-depth understanding of an organization’s data:

  • What are the organization’s strategic objectives and how does IT governance align with them?
  • What types of sensitive and business-critical data are collected and where is the data stored?
  • How is sensitive data managed, classified, and protected?
  • Which policies ensure data security?
  • How is data risk currently managed, and what gaps exist?
  • What are the relevant regulatory frameworks and compliance standards applicable to the industry?
  • What roles and responsibilities are required in the IT governance program?
  • How will the organization adapt to changes in technology, regulations, and strategic objectives?

With a clear understanding of the need for an IT governance framework, there are three recommended steps an organization can take to establish a sustainable program for data security:

  1. Discover—Start by identifying and classifying sensitive and business-critical data using a robust data classification system. An automated system enables teams to monitor and analyze data assets, prioritizing those most valuable to the organization.
  2. Control—Protect and govern sensitive data through automated policy orchestration and remediation actions. Policies help define data handling across the entire lifecycle, ensuring consistent and enforceable controls. Remediation actions, such as access revocation or data encryption, are triggered in the event of a policy violation to immediately protect sensitive data.
  3. Activate—Enable privacy, data, and business teams to automate compliance activities and promote responsible data use. Cross-functional collaboration is essential to implement compliance activities and responsible data use in accordance with established governance policies.

Armed with the necessary knowledge and a strategic action plan, organizations are well-equipped to build a robust and enduring data security program.

Leveraging Technology to Simplify IT Governance

Organizations should consider leveraging tools and technologies to navigate the evolving demands of IT governance. Purpose-built solutions that integrate with existing infrastructure and automate routine tasks can streamline most of the workload, from data discovery to compliance activities. They allow teams to bypass manual stopgaps and mitigate risk without disrupting business operations.

Ultimately, reinforcing IT governance and increasing visibility helps reduce risk, maximize resources, and create the greatest value for the organization.

Endnotes

1 IBM, Cost of a Data Breach Report 2023, 2023
2 PwC, “Is Your Organization Too Complex to Secure?”

Felix Muckenfuß, CIPM, CIPP/E

Is a data and AI governance expert at OneTrust. In this role, he supports the OneTrust Privacy and Data Governance Cloud, advising enterprises on how to transform privacy compliance into trusted and ethical data use.
