Thales eSecurity Blog

Navigating the New Normal: Data Security is Squarely in the Hands of the C-Suite

Tina Stewart
Tina Stewart | VP, Global Market Strategy More About This Author >

The drastic changes we’re experiencing in our personal and professional lives would have been impossible to imagine just a year ago when we shared this blog about CEOs becoming more actively involved in data security conversations in the boardroom. Now, our new reality demands these questions are asked and answered by C-suite executives who must be certain about data security in uncertain times. Business continuity depends on security and strong access control.

Before the COVID-19 crisis, IT professionals generally operated in two worlds: on-premise and in the cloud. The workers they support were typically also physically onsite – ostensibly more secure. But in the short span of a few weeks, IT departments are suddenly responsible for protecting more sensitive data emanating from living rooms and kitchens over unknown routers, various wi-fi connections and personal computers, making security even more difficult to ensure. Those two IT worlds are now but one: cloud. And because most business is now being done in the cloud, protecting data there is the top concern.

Fortunately, we’re seeing evidence that more C-suite decision makers are getting even more actively involved. According to a recent Wall Street Journal article, boards are “getting in deeper” as risk and audit committees ask executives to spell out cybersecurity measures to address pervasive challenges with remote working.

As the variety and severity of risks evolve, here are three critical questions that must be asked in the boardroom now:

1. Are we protecting our data with end-to-end encryption and effective key management?

According to the 2020 Thales Data Threat Report-Global Edition, half of all corporate data is now stored in cloud environments, and 48% of that data is considered sensitive. As a result, encryption is critical for protecting data in motion and at rest. Attackers can “eavesdrop” on unencrypted data traveling over a network, not only impacting privacy but potentially opening the potential to modify or substitute data to stage more sophisticated attacks. To truly protect data, especially in today’s multi-cloud environment, all data must be encrypted and control over encryption keys must be well organized and strong.

2. Do we have control over who is accessing our data?

Authentication and access management is extremely important as more people work from home and use cloud applications that make them a target for cyberattacks. The report shows that cloud applications are listed in the top three reasons an organization might be attacked, just behind unprotected infrastructure such as IoT devices (54%) and web portals (50%). We also know that the majority of IT leaders (95%) believe ineffective cloud access management is still a concern for their organization. Without effective access management tools in place, organizations face a higher risk of breaches, a lack of visibility and incur extra costs from poorly optimized cloud.

3. Can we meet all compliance requirements and maintain best practices during a rapidly evolving crisis?

Amidst existing cyberthreats and new security issues brought on by increased remote working, an increasingly complex regulatory environment brings its own risks to businesses. As the report showed, 47% of organizations experienced a breach or failed a compliance audit in the past year, making the case for encryption and access controls stronger than ever – especially because non-compliance can immediately impact a business. Partnering with a data security vendor can help businesses with scalability, flexibility, and the efficiency needed to address expanding encryption and compliance requirements, while reducing cost and complexity.