The traditional notion of perimeter security is crumbling. Recent incidents like the Google Account password hack have proved that. This shift necessitates a reevaluation of security strategies, particularly for businesses relying on SaaS, cloud, or GenAI tools.

For years, organisations have stuck by a conventional approach centered on perimeter defence—firewalls and gateways— but this has become porous. Cybercriminals, adapting to advancements in technology, are finding innovative ways to breach cloud services. As organisations transition from on-premises solutions to SaaS, cloud, and GenAI tools, security strategies have become less about reinforcing external walls and more about safeguarding the core of a business’ operations—its data.

This paradigm shift is something I’ve witnessed over the last few years, with security professionals taking a more data-centric approach to security. This is no longer an alternative strategy for CISOs; it is a necessity. 

Productivity vs risk 

Organisations currently use an average of 130 SaaS applications every day, giving security teams the difficult task of balancing data security with overall productivity. Teams leverage tools like Slack, Jira, or ChatGPT for efficiency, yet the challenge lies in understanding the data shared within these platforms, its storage, and the access permissions associated with it. 

On top of that, security teams need to grapple with interconnected services within a complex ecosystem and stay proactive to ensure data risks aren’t overlooked. The lack of visibility into data sharing and access can pose further difficulties when it comes to regulatory compliance.

Ensuring compliance with data regulations 

Data protection regulations such as GDPR and CCPA are constantly evolving, expanding, and becoming more stringent. For organisations who must ensure compliance or face penalties for negligence, focusing on the data layer can be beneficial as it helps them to implement controls that protect personal and sensitive data. These controls can ensure: 

• Data minimisation, in order to reduce attack surface 
• Granular policies to cater for an organisation’s specific needs
• Retention periods to ensure data isn’t stored for longer than necessary 
• Access controls that only allow authorised users to see sensitive data 

Focusing on the data layer helps businesses understand where data is stored and the types of data they need to protect, as well as ensuring unnecessary data is deleted and access is revoked for those who no longer need it.

A data security tool for fast-moving businesses 

For security teams losing sleep over unidentified data and professionals struggling to manually track sensitive information across their ecosystem, solutions like Metomic are available. Data discovery, data loss prevention (DLP), access controls, and proactive monitoring are crucial for any organisation looking to create a solid data security strategy. 

Metomic empowers businesses to navigate the intricacies of the evolving cybersecurity landscape, ensuring data protection and compliance in an era of constant technological flux. As we venture further into 2024, a data-centric approach emerges as the lynchpin for business resilience and cybersecurity efficacy.

‍