This year’s RSA Conference has just ended, and what a great event it was! Almost 50,000 security professionals and experts from all over the world descended upon San Francisco to share ideas, best practices and new technologies to combat the latest cybersecurity threats. It was impressive to see so much dialog and excitement from so many people in one place, especially now post-pandemic.
With respect to the data security market, it was interesting to see how this market has evolved, both in terms of maturation of existing trends, and completely new trends and ideas becoming reality.
Stronger Together: Effective Collaboration across Data Teams and Security Teams is Critical
First, it was heartening to see this year’s conference theme of collaboration, Stronger Together, woven throughout the agenda and in the various vendor pitches.
Any organization’s data security posture is only as effective as various stakeholders’ ability to collaborate effectively. Data teams and Security teams have historically struggled with this. They have different backgrounds, use different tools, and have different goals. As a result, much human time and effort is needed to align on data security policies and processes. Data consumers’ data access requests end up taking much time to review and approve, and meanwhile they don’t have the data they need to do their jobs. Data security has become an all-too-common bottleneck in delivering data to the people who need it, when they need it.
Fortunately, over time, the intersection between these two worlds has grown, as more and more organizations embrace digital transformation initiatives that put data in the hands of more and more users. This has put an executive-level spotlight on balancing access and security, with budgets and owners identified to solve this problem. And the vendor community is responding, with most data security vendors now speaking to the importance of making this collaboration more effective and productive through common tools and processes. Vendors whose solutions were built from the ground up with these two distinct personas in mind (data owners and security owners), and ensuring their effective collaboration, will succeed in this new reality.
Learn More: Watch this video-recorded discussion of how TrustLogix helped data owners and security owners collaborate effectively at Jefferies. https://www.trustlogix.io/on-demand-webinar-key-to-cloud-data-security-governance
Data Security is about the Data
Second, it was also heartening to see broader industry recognition that data security is about the data. Network security, cloud infrastructure security, application security, endpoint protection, ransomware protection, and so forth all play a role, but by themselves don’t fully solve for data security and regulatory compliance like GDPR. In prior years, this has been a source of confusion, with all categories of vendors claiming they can solve for this.
In reality, data security is its own discipline. Data is not tied to any one technology or application silo, but is broadly shared and distributed. It is always moving from its original sources to data lakes, warehouses and other analytic tools, and back. It is used to train machine learning models. It is used for application development and testing. It is shared across applications so that all parts of the business have the same view of the truth. It is accessed from a wide variety of client tools and devices, from any location around the world. And, increasingly, it is being shared with business partners, across cloud regions, and multiple clouds. Meanwhile, regulations such as GDPR in Europe, CPRA in California, and similar legislation around the world, state that the data itself needs to have adequate controls in place, regardless of where it is coming from and where it is going.
As a result, the vendor community has responded. Data security is now elevated to the same level as these other disciplines, with its tools and practices now considered an essential part of any organization’s overall cybersecurity strategy. We are starting to see the emergence of Data Security Posture Management as its own discipline, focusing on ensuring both data and security stakeholders can identify data security risks, define and enforce the right fine-grained policies, and have enterprise-wide visibility to their security posture, all while ensuring data users get the data they need when they need it. Vendors who embrace this discipline as a core set of capabilities in their solutions, will succeed in this new reality.
Learn More: Read TrustLogix’s four step approach to Data Security Posture Management: https://www.trustlogix.io/free-ebook-a-four-step-framework-for-practical-data-centric-security
Your Data may be Distributed, but your Data Security Posture Should Not Be
That said, we also saw acknowledgement that data security is now harder than ever, because data is being distributed more than ever before. The Cloud makes it easy to spin up new instances of databases, warehouses, lakes, machine learning engines, data applications, data pipelines, and everything in between. Data management best practices such as Data Mesh and architectures like Data Fabric have evolved to embrace distributed data ownership across lines of business and even 3rd parties, further exacerbating this challenge. These trends make it harder than ever to know where your sensitive data is, know how it is being accessed and by whom, and striking the right balance between access and security.
Most data platform vendors now expose good native functionality for access controls, data de-identification, and data usage monitoring. Unfortunately, those native features work only within that data silo, and don’t integrate well across silos. Customer organizations need a single point of visibility and control for data access and protection across all environments that data may appear. Without this, they are stuck manually implementing their policies across many diverse environments, and manually stitching together usage monitoring and alerts from diverse tools and data silos, which is both time-consuming and error-prone.
Indeed, when asking the question “what gets in the way of staying on top of your data security posture”, we consistently heard “lack of central visibility and control” as the answer. This leads to inevitable security blind spots, inconsistencies across data sources, and not fully knowing one’s risks and whether in compliance or not.
Solving this problem is a huge opportunity. Vendors whose solutions embrace the cross-platform and cross-cloud nature of the modern enterprise data landscape, and can provide a single point of visibility and control, will succeed in our new reality.
Learn More: Read more about the security blind spots that can typically arise in multi-platform and multi-cloud environments, and how TrustLogix can help: https://www.trustlogix.io/blog/securing-data-in-the-cloud-security-blind-spots-will-hurt-you
Separating Vendor Signal from Noise
Finally, the Stronger Together theme does not only refer to collaboration between stakeholders within customer organizations, but also more effective collaboration within the vendor community. Historically, the cybersecurity market as a whole has suffered from a vast number of security companies offering a bewildering array of overlapping tools and technologies, with bold claims designed to be heard above the noise, but some of whose products don’t support those claims. This has led to distrust from the buyer community, leading to longer evaluation cycles and other market inefficiencies. This hurts vendors and customers alike, as customers can make poor purchase choices or even decide to just build their own, and thus they don’t benefit from the great innovations that are available in the market.
Fortunately, we did see some positive signs in this regard. When giving their demos and sales pitches, more vendors are “staying in their lanes” by clearly stating what they do and don’t do, backed by strong customer references that support those claims. They are also engaging in more product-led selling, such as offering free online trials so buyers can try products on their own without having to engage with vendors directly on lengthy evaluation cycles. Clearly, vendors who focus on their core capabilities, and simplify the evaluation process, will be more successful in our new reality.
This year’s RSA Conference was confidence-building in many ways. We got the sense that the industry is finally wrapping its arms around data security’s unique challenges: Its cross-silo nature, requiring multiple teams to collaborate effectively, and is recognized as its own discipline on par with other cybersecurity disciplines. Vendors who built their solutions from the ground up to address these challenges will be successful.
Of course, TrustLogix meets these criteria!
Learn More: Learn more about the TrustLogix Cloud Data Security Platform! Visit our Product Tour at https://www.trustlogix.io/product-tour