top of page

4 Strategies to Address the Biggest Challenges in Data Security


Tackling complexity with simplicity


Businesses depend on data to drive decisions, automate processes, and facilitate collaboration. However, as data is created and stored across an increasing number of locations and devices, managing it has become more complex. Hybrid work means employees need to access information from outside the office, often on personal devices. IoT is turning physical processes into data streams, while cloud, hybrid, and multicloud ecosystems transfer vast amounts of data across regions and infrastructures.


This expanding data landscape makes protection more challenging, and many organizations struggle to locate all their data, let alone ensure its safety. Managing and securing data across growing digital environments is now a critical priority, especially as security talent is limited and resources are stretched due to global economic pressures. In response, many security teams have adopted a variety of technologies and approaches, often resulting in fragmented, costly, and risky collections of point solutions.


An integrated, comprehensive data protection solution simplifies this complexity by reducing noise and improving transparency and control. This allows security teams to focus on higher-value tasks, such as strategy and addressing advanced threats, which can also aid in retaining talent.


Security leaders are seeking new strategies to meet the scale and urgency of today's data protection challenges. Let’s explore fresh approaches to overcoming these obstacles.



Challenge 1:

Protecting data amid shifting company culture


The rapid rise of remote and hybrid work has coincided with exponential growth in digital data. This shift has transformed company culture, influencing new norms around productivity, innovation, and work locations. However, it has also introduced new data protection challenges, such as insider risk—the misuse of authorized access to company assets, whether accidental or intentional.


According to Microsoft’s 2022 Work Trend Index, 38 percent of employees now work in hybrid roles, with 53 percent considering a transition to hybrid work. This trend has evolved over the last decade, as collaboration between office-based and remote teams has become easier.


Hybrid work has also fueled the "Great Reshuffle," where more employees are changing careers. The Work Trend Index revealed that 52 percent of Gen Z and Millennials are likely to consider changing jobs within the next year. This shift presents risks during both employee transitions—departing employees may take sensitive data (intentionally or not), while new hires may lack familiarity with security tools and policies.


Security and compliance experts are increasingly aware of this risk, with two-thirds agreeing that data theft or destruction by departing employees is becoming more common, according to a 2022 Microsoft Security report on insider threats.


As the need for fast, flexible data access grows, organizations must implement strategies that secure data without compromising a positive, collaborative company culture.



Hybrid work


Strategy 1:

Implement comprehensive insider risk management


Insider risk management aims to detect and prevent the misuse of authorized access, whether intentional or accidental. While there are multiple approaches, insider risk management is most effective when implemented as a coordinated, centralized program. Key questions to consider include:


  • How can you reduce stressors that may lead to disgruntled employees?

  • What types of deterrents should be prioritized?

  • How crucial are training, education, and communication?


A 2022 Microsoft Security report on insider risk highlights that organizations addressing insider risk holistically tend to be more successful. The report evaluated how well companies integrated insider risk management across four key areas:


People: Are diverse perspectives considered to gain cross-organizational support?

Process: Is there a balanced approach, including prioritizing positive deterrents?

Tools: Are integrated tools and technologies in place to meet insider risk management needs?

Training: Are insider risk training programs effective?


Organizations that focused on all four elements took a more holistic approach to managing insider risk, positively influencing their overall culture.



Key steps to achieving holistic insider risk management


  • Prioritize strong employee-employer relationships and ensure privacy controls and policies are integrated into programs to maintain and enhance trust

  • Emphasize the importance of employee data security training and education, empowering employees as the first line of defense, supported by robust detection tools.

  • Incorporate risk management tools into the existing security infrastructure, providing visibility across the organization while balancing negative deterrents (through risk detection) with positive incentives

  • Secure program buy-in and involvement from various departments, not just IT and security, but also compliance, legal, and human resources, to foster a well-rounded approach.

  • Focus on positive deterrents, such as employee morale initiatives, comprehensive onboarding, ongoing training, upward feedback opportunities, and work-life balance programs.



Challenge 2:

Understanding your data in an era of exponential growth


While most organizations acknowledge the critical role of data in successful operations, many still face the fundamental challenge of knowing what data they possess. According to ESG’s 2022 State of Data Governance and Empowerment Report, 42 percent of organizations report that at least half of their data is "dark"—collected but unused or unidentified for business purposes. Data often becomes dark when it isn’t properly identified at the time of creation or modification, or when employees shift roles or projects.


The pace at which data is being created and moved has outstripped the capacity of traditional tools and processes. By 2026, the volume of new data created, captured, replicated, and consumed is expected to more than double, with enterprise data growing twice as fast as consumer data. IoT-connected devices alone are projected to reach 25.4 billion by 2030, up from 10.1 billion in 2021.


Hybrid and multicloud environments add to the complexity, with data scattered across personal devices, multiple clouds, IoT devices, and on-premises systems. The challenge of discovering, organizing, and protecting this vast and distributed data—while ensuring compliance—is overwhelming, particularly for IT teams that are shrinking while data estates continue to grow.



Strategy 2:

Automate data discovery, classification, and protection


Establishing a solid foundation for data governance and usage requires classifying data based on its sensitivity and business impact. However, manually classifying large data stores is nearly impossible, especially with the increasing variety of data types spread across more locations. This makes it essential to evaluate data discovery and classification tools and explore how automation can help.


Automation, powered by artificial intelligence (AI) and machine learning (ML), can continuously identify and classify sensitive data across various locations as it is created and shared. AI and ML also improve classification accuracy and can review existing data retroactively. This process helps create a comprehensive map of data across the entire organization.


For data classification to be effective, it must be intuitive, simple, and integrated with productivity tools. Data protection leaders should define the classification logic and establish workflows that align with everyday business activities without disrupting productivity. Automation plays a crucial role in improving efficiency and visibility, allowing security teams to close exposure gaps across the environment, ensuring both data awareness and protection.



 Key steps to improve data discovery, classification, and protection


  • Maximize the business value of your data by creating a unified map to automate and manage metadata from diverse hybrid sources.

  • Enable easy data discovery and gain clarity on data origins through interactive data lineage visualizations.

  • Automate data classification to support comprehensive governance as data continues to grow across all environments, including multiple clouds.

  • Strive for a holistic, real-time view of key data metrics, including usage patterns, to uncover insights not only about potential risks but also the value your data provides.



Data protection


Challenge 3:

Defending Against Identity-Based Threats


Most employees aren't security experts, yet they are often prime targets for attacks. For example, Microsoft blocks an average of 710 million phishing emails per week—far exceeding other threats the company tracks and protects against. A study by Kaspersky Security reveals that 46 percent of cybersecurity incidents are caused by careless or uninformed employees who unintentionally aid the attack. To safeguard your data, it's crucial to protect your workforce as well.


Traditional perimeter-based security, such as firewalls or air gaps, has long been inadequate, and this is especially true today with employees working from various locations and organizations increasingly relying on third-party service providers, vendors, and supply chains.


To address these evolving threats, organizations need a new approach—one that addresses the central issue of over-reliance on trust. Security models that automatically trust anything inside the perimeter are highly vulnerable to exploitation. Cybercriminals are skilled at breaching perimeters and remaining undetected until it's time to strike. An effective strategy should enable employees to access the tools and data they need without relying on implicit trust in any system, process, or user.



Strategy 3:

Adopt a Zero Trust Framework for Enhanced Security


Zero Trust is an end-to-end security approach grounded in three key principles: verify explicitly, use least privileged access, and assume breach. This comprehensive, integrated strategy is essential for every organization.


By building a strong Zero Trust foundation, organizations can more effectively protect against threats, safeguard sensitive data, and ensure compliance.


  • Verify explicitly

  • Use least privileged access

  • Assume breach


A Zero Trust framework safeguards against identity-based threats by detecting and preventing unauthorized access to data, whether it is at rest, in transit, or across various devices and locations. It encompasses six essential pillars of enterprise IT:


  • Identity and Authentication: Protecting identities from compromise and securing access to resources, including implementing multifactor authentication.

  • Data: Safeguarding sensitive data wherever it resides or travels.

  • Infrastructure: Detecting threats and responding to them in real-time.

  • Applications: Ensuring that applications are available, visible, and secure to protect critical data.

  • Networks: Eliminating implicit trust within the network and preventing lateral movement.

  • Endpoints and Devices: Securing endpoints and allowing only compliant and trusted devices to access data.


A recent executive order from the White House mandates that federal organizations and their suppliers adopt a Zero Trust architecture, with other industries likely to follow suit.


A strong initial step toward achieving this standard is to implement a unified, modern identity and authentication system capable of supporting multifactor authentication and detecting suspicious activity. Such systems are fundamental to Zero Trust, facilitating convenient single sign-on across applications and resources by consolidating identity management onto a cloud-based platform.



Key Steps for Implementing Zero Trust


  • Adhere to the three core principles of the Zero Trust strategy: verify explicitly, utilize least privileged access, and assume breach.

  • Deploy unified, cloud-based identity services to facilitate an efficient Zero Trust adoption.

  • Employ a Zero Trust framework to enhance data protection and guard against identity-based threats within a distributed environment.



Challenge 4:

Simplifying Your Security Stack


Many organizations tend to rely on a mix of competing third-party solutions to meet their basic data protection needs, which often leads to the implementation of additional tools as new gaps emerge.


Enterprise environments are inherently complex, presenting numerous potential blind spots. For instance, the average enterprise network contains over 3,500 connected devices that lack endpoint detection and response (EDR) protection. Adding multiple point solutions on top of this complexity only heightens the challenges of daily security management, including administrator and user training, updates, and system compatibility.


Moreover, managing a collection of “bolted-on” solutions diverts attention from addressing complex threats and raises costs at a time when security leaders are under pressure to control budgets and achieve more with fewer resources. Security teams are already stretched thin and must find ways to effectively reduce administrative overhead, complexity, and costs without compromising protection for the sake of efficiency.



Strategy 4:

Select a Comprehensive Data Protection Solution


To maximize protection and efficiency, seek a solution with the following features:


  • Enhanced operational efficiency that simplifies IT workloads. Many organizations are looking to consolidate their data protection solutions with a single vendor. According to a Gartner® survey, vendor consolidation was identified as one of the top cybersecurity trends in 2022, with “75% of organizations pursuing security vendor consolidation in 2022, up from 29% in 2020.”

  • The focus should be on selecting the right vendor. An effective and adaptable platform can replace multiple point solutions—potentially dozens within some organizations—offering coverage across nearly any location or device. A comprehensive solution should enhance visibility and extend beyond compliance, integrating data protection, governance, compliance, and risk management.

  • Lower overall costs compared to a multi-solution strategy, achieved by eliminating redundant capabilities.

  • Simplified deployment, maintenance, and governance using familiar systems to facilitate faster adoption and user training.

  • Utilization of AI and automation to mitigate threats and improve the productivity of security operations teams.

  • A platform that minimizes or eliminates compatibility issues with existing tools.

  • "In-place" data management that avoids the need for transfers or third-party access.



Key Steps for Selecting a Data Protection Solution


  • Implement a centralized data protection strategy that aligns with your organization’s objectives, such as enhancing risk posture, minimizing complexity, or maximizing efficiency.

  • Evaluate the long-term maintenance costs, potential future upgrades, and compatibility when considering your data protection choices.

  • Choose a data protection solution capable of scaling to safeguard your entire data estate comprehensively.


Learn more here.

0 views0 comments
bottom of page