News, news analysis, and commentary on the latest trends in cybersecurity technology.

Data Security and Collaboration in the Modern Enterprise

The "CISO Survival Guide" explores the complex and shifting challenges, perceptions, and innovations that will shape how organizations securely expand in the future.

Rey Kirton, Vice President, Forgepoint Capital

October 18, 2023

3 Min Read
Data Security ScorecardSource: Symmetry Systems

As an investor, I've spent years talking to hundreds of entrepreneurs and dozens of practitioners attempting to solve the modern data security problem. Data in the enterprise is a double-edged sword: On one hand, today's enterprises need to derive value from ever-growing quantities of data. The most successful will be the enterprises in which all employees are equipped to efficiently leverage data to make data-driven decisions. This requires high levels of data collaboration and expanding data access. On the other hand, expanded data collaboration and access leads to an expanded attack surface, increasing the enterprise risk posture and exposing the enterprise to cybersecurity threats.

The challenge is to find a balance of visibility, accessibility, and data controls. Traditionally, CISOs have been gatekeepers tasked with preventing the flow of data throughout their organizations. CISOs use legacy tools designed for centralized, coarse-grained access controls that provide limited visibility across hybrid environments that are simply not built for modern enterprise data needs. Without effective ways to see and collaborate on data, data is frequently shared via copies that cause data sprawl and shadow data, further reducing visibility, increasing risk, and compounding the problem. For the 2023 CISO Survival Guide to Emerging Trends from the Startup Ecosystem (in partnership with Cisco Investments, NightDragon, and Team8), we spoke with practitioners and conducted a poll of over 100 security leaders to hone in on issues around identity, data and collaboration, software supply chain, and cloud security.

At the moment, we'll focus on structured data objects (e.g., databases) and exclude file management and file sharing.

Visibility: A Blueprint for the Future of Data Security

In our CISO Survival Guide, data access control was flagged as the second highest priority for security hygiene spending, behind data identity and privileged access management. It's no surprise that the first step in securing data in the modern enterprise is at the intersection of data and identity and the ability to answer these two questions:

  • What groups/identities have access to what types of data?

  • What groups/identities have accessed what types of data?

Tools that highlight different identity attributes vs. data store attributes and enable CISOs and compliance teams to see and remediate overprivileged access to on-premises and cloud data stores can be helpful. Such views are essential to developing sophisticated visibility into crown-jewel data across your hybrid environment. The ability to double-click into the details and see who has accessed what data and when is a powerful tool for compliance and post-breach investigations.

Modern Data Security: The Roadmap to Secure Data Collaboration

Enterprises need to start thinking about how they will improve data collaboration across data stores throughout the enterprise. Data security must simultaneously improve risk management and enhance usability. From my perspective, there are a few key concepts that need to be enabled to enable data collaboration:

  • Federated data access controls: Data owners help manage access controls, erasing inefficiencies in centralized access management.

  • Fine-grained access controls: Access controls need to be contextualized and fine-grained, targeting data controls down to the row, column, and cell level.

  • Data co-production: People and systems need to be able to seamlessly collaborate on data sets, eliminating the need to copy (aka integrate) data across silos — in essence, "productizing data" for joint co-production and collaboration using modern platforms.

While companies will have their unique journeys that require contextualized decision-making, I recommend companies approach collaboration at the line-of-business level, unlocking data collaboration in smaller segments of the enterprise that will lead to an exponential impact over time. Companies and security teams that cling to legacy data security and are too slow to adopt modern practices will fall behind. Agility, accessibility, and security are table stakes for enterprises of the future to leverage data and drive business.

About the Author(s)

Rey Kirton

Vice President, Forgepoint Capital

Reynaldo (“Rey”) is a Vice President at Forgepoint.

Prior to Forgepoint, Rey worked for Harlem Capital, an investor in minority and women-owned startups. Prior to Harlem, Rey worked for Altman Vilandrie & Co., a technology-focused strategy consulting firm. At Altman Vilandrie & Co., Rey managed over 30 operational and market due diligence efforts for investor and corporate clients across U.S., European, and Latin American markets. Rey began his career at Cambridge Associates, where he provided capital markets research and portfolio allocation advice to private and institutional investor clients ranging from $50M to $3B in assets.

Rey is a CFA Charterholder and holds an MBA from the Wharton School of the University of Pennsylvania and a BA from Harvard University. When not in the office, Rey can be found testing out new recipes he finds on cooking shows or hosting cooking competitions with friends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights