More Culpability
Data is an asset and a responsibility, but as traditional boundaries become virtual borders it is no longer clear within the enterprise whose responsibility it is. In high-profile data breaches, CTOs, CEOs and even CFOs have both taken the blame and pointed fingers. Business users are able to bypass traditional and often cumbersome procurement and implementation steps by going directly to services provided in the cloud without the need for collaboration with their colleagues in other departments. In this scenario it is essential that organizations take steps to protect themselves by creating enterprise-wide data security awareness and policies that include knowledge of the data flow, data-centric protection and an understanding of where keys are made available and stored, and who has access to the keys. In this way responsibility is shared, risk is reduced and security is increased.