Insider Risk Management Summit

Join Zach Luze, Senior Manager, Data & M365 Security Practice, Kudelski Security for ‘Better, Faster: Re-thinking Data Security for a New Era.’

Data security sounds simple enough – find your sensitive data, then protect it. So why is the industry littered with half-baked programs and shelfware? The main culprit lies in the pervading “first, discover all data” approach. Long, resource-intensive data discovery efforts lead to slow ROI, guesswork KPIs, and the inevitable call from leadership asking “what have you actually protected?” It’s time for a new approach. Data discovery still has its place, but is subordinated to data security’s true objective – controls to actively remediate and respond to data threats, and efforts to educate users. Drawing on lessons from actual implementations, Agile, and new innovations, Zach will explore a framework to protect data better and faster. He will also dive into the following principles: 1) Focus on value – data security exists to prevent, detect, and respond to data security incidents. Prioritizing data discovery subverts actual value-creating activities 2) Building a strategy and roadmap 3) Creating common, big tent control sets – start with controls that can broadly protect or detect data security vulnerabilities, such as Insider Risk Mgmt. or reducing stale data 5) Learn from other security verticals – SecOps teams have moved from focusing on prevention to focusing on detection/response (e.g., MSSP rebranded as MDR). Data security should do the same 6) Build services, not controls – create repeatable, well-branded data security processes and services instead of craftsman controls that do not scale 7) In closing: why IRM is a cornerstone of value-focused data security functions