Maksim Kabakou - Fotolia
Security Think Tank: CIA at heart of infosec-data architect partnership
How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security?
The role of the information security professional is to secure information and, by extension, systems. In times before computers, information was often protected using a variety of methods, such as a stamped seal on paper, to maintain the confidentiality, integrity and availability (CIA) of the information for the intended recipient.
Today, although the demands made on the information security function are far more complex, the principles remain the same.
The amount of data and information in an organisation increases significantly hour by hour, day by day, and year by year. This is where the data architect comes in.
A data architect is responsible for conceptualising and designing the framework that the enterprise uses for managing these huge volumes of data, to deliver available and reliable information to the enterprise.
This role has the expertise to support the handling of a range of data sources from wide and varied locations, effectively bringing order to what can often be a chaotic data environment.
The information lifecycle has five stages – create, process, store, transmit, destroy – and the creation and processing of data is where much of the increase in volume comes from. Compliance demands on organisations across the globe mean that knowing what data your organisation is responsible for, where it is and how it is maintained, is now a priority for enterprises.
A natural extension of the role of the data architect in designing the enterprise data framework is to support information security professionals in protecting the CIA of the data.
Of course, not all data is equal. Data needs to be classified so it can be protected appropriately. Working alongside the information security function, the data architect will enable understanding of the data that needs to be protected and where it resides.
The information security function will develop security policies for data across the organisation, and some of that data will require extra protection, such as encryption (Ovum’s software market forecast for security predicts a compound annual growth rate of 8.6% for encryption over the next five years).
The data architect will work with the information security function to ensure the appropriate data is encrypted, while still maintaining the availability of information.
The information security function needs the data architect, and vice versa, to protect the CIA of data and information across the organisation.
Read more about data protection
- The Singapore government has developed a skills framework for data protection officers and is looking to certify organisations under a regional cross-border privacy rules system.
- Organisations can take advantage of growing concerns about privacy by treating data protection and user privacy as product features.
- Organisations that need to protect resources in the public cloud have a number of backup possibilities, some with more hazardous negatives than others.
