John Joseph is the President and Co-founder of DataGravity.
You know that go-to story you tell at parties? It gets laughs with any crowd, and you don’t even realize how often you fall back on it. Then one day, someone asks an innocent question that exposes a flaw in your memory of that story, and its foundation crumbles. You never think of that anecdote the same way again, so you mentally file it away.
We don’t knowingly rely on incorrect information in our personal lives; it doesn’t make sense to do it at work, either. Still, many of us are prone to looking the other way when it comes to the big, flaw-exposing questions about our business practices that we don’t know how to resolve. For example, data security is a top concern for most technology professionals and one of the most heavily funded areas of IT, with Gartner predicting global information security spending will reach $76.9 billion in 2015 alone. Yet, some myths about data protection, retention and data awareness remain. The scary part is that falling for one of these myths isn’t as simple as getting drawn into an inaccurate story at a party. Instead, the mistake could lead to a damaging corporate security breach and data theft.
Here are some of the top myths IT pros mistake for truths, how to uncover the realities behind them, and what it all means for the data center industry.
Myth #1: We’ve Taken Enough Precautions to Keep Outsiders at Bay
You’re keenly aware of the risks that can wreak havoc on your system. Hackers are aggressively trying to obtain private information from corporate data centers, while innocent and unintentional actions, such as misplacing files and compromising access credentials, can also expose sensitive data to public shares. You may be working to build a fence around your data center to secure proprietary information and employees from harm. Although securing the perimeter will always contribute to the overall protection of your data, these efforts will leave you unprepared to face threats coming from inside your network unless you complement them with strategies to secure data where it’s created and resides.
It’s no longer a matter of whether your company is going to get breached. It’s become a matter of when, and one important question to consider is how you’re going to react. Once a threat has penetrated your system, you need to block it from causing additional harm while you identify and deal with it. In these situations, it’s crucial that your customer, employee, business-critical and personal data are locked down in secure locations out of the attacker’s reach.
Myth #2: Storage and Security Should be Managed Separately
Data storage systems have always been prepared to protect against – and recover from – catastrophic loss on a foundational level through disaster recovery technologies. In the event of a component failure, natural event or human error, your storage probably has you covered. However, storage is getting smarter. Modern technologies no longer wait to save you from the disaster after it occurs, but can instead identify the threats created by vulnerable, sensitive data within your system ahead of time. Just as security is no longer anchored at the fences of your infrastructure, intelligent storage and networking systems no longer blindly transfer data without using automatic sensing capabilities to identify anomalies and potential risks. Instead, you can guard against intruders and the impact of a misplaced file in an integrated process with a single seamless experience. It won’t require four separate software tools when current technology does it with one.
Myth #3: It’s Not Your Job to Make Major Security Changes
Even with new resources at hand, you might not know what steps you can take toward improving security. However, in the face of a malicious attack or data breach, all members of the IT community – with its innovations, resources and success stories – are working toward the same goals. If you want to overcome outdated myths and take action, try some of these initial steps:
- Use resources like Gartner and Forrester analyst perspectives to get educated on a granular level about the solutions, ideas and capabilities the IT industry has to offer.
- Attend security-focused events orchestrated by RSA, the International Association of Privacy Professionals (IAPP) and the Information Systems Security Association (ISSA) to talk to your peers about the challenges they face and the strategies that help get results.
- Identify role-model organizations for your business. Ask yourself what technology decisions helped those companies get to a place where the team knows what’s in its data and can confidently protect it.
- Network with your peers if they are willing to discuss strategies for management and containment. I’ve attended many industry social events where just about every IT person knew six to 10 people at neighboring companies within the metro area. It’s a small, tight-knit community filled with great people.
If you remain educated on new trends, share your results and avoid relying on unconfirmed notions about security and risks; you’ll be able to protect your business and each individual it affects.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.