Let's be honest. Everyone these days seems to be talking about data security. But what exactly is data security? What do you mean when you say those words? What do I mean when I say those same words? To be clear, it's complicated and rapidly evolving.
Having talked with hundreds of customers, dozens of industry analysts, and dozens of cyber security experts – I've come to realize that there are two distinct perspectives that often get conflated when talking about "data security". Understanding these different viewpoints is crucial for anyone trying to navigate the complex landscape of data protection in today's digital world.
Perspective 1: The Data Lake Dilemma
The first perspective revolves around organizations preserving optionality when it comes to sharing sensitive information. This viewpoint is often associated with data lakes like Databricks or data warehouses like Snowflake. Here's what you need to know:
- When it comes to the data lake dilemma, organizations have the luxury of time and choice. They can take time to speak with lawyers, risk managers, compliance people, IT teams, and cloud providers.
- Then, after spending weeks, months, or even years, assessing the risks and benefits of sharing data -- they can make a decision about whether they want to proceed or not.
- Companies like Databricks and Snowflake are introducing governance controls such as "clean rooms" to facilitate potential sharing.
- This approach allows businesses to prepare for possible future data sharing needs without committing to immediate disclosure.
Perspective 2: The Daily Data Dilemma
The second perspective is fundamentally different and often overlooked in discussions about data security. It focuses on the reality that many organizations must share sensitive data every single day as part of their core operations. Here's the breakdown:
- Sharing data isn't optional; it's a fundamental requirement for business operations.
- Data is routinely shared via email, files, and application workflows.
- If proper controls aren't in place, the data will be shared anyway because business needs demand it.
- Data-centric security products like Virtru come into play here, protecting sensitive data that's guaranteed to be shared no matter what.
The Key Difference
The crucial distinction between these two perspectives lies in the nature of data sharing:
-
The first approach deals with potential, optional sharing of sensitive data based on a detailed assessment of risk and business benefit.
-
The second addresses massive amounts of unstructured data that is guaranteed to be shared as part of daily business operations.
Understanding this difference is vital for developing effective data security strategies. While preparing for potential future sharing is important, we can't overlook the immediate need to secure data that's already in motion.
What's your take on these two perspectives? I’d love to hear from you.
