Security News > 2021 > April > The VC View: Data Security - Deciphering a Misunderstood Category
Data security is a tough topic to summarize and I'd argue it may be the most misunderstood category in security right now.
"What are we doing to protect our customers' and the organization's data?" If the many, many public breaches have told us anything over the years, it's that losing data escalates a "Security incident" into a "Data breach".
We protected data by first making sure our endpoints weren't compromised, then by making sure threats weren't moving around in our networks undetected, then by making sure our applications weren't vulnerable to data leaks.
One set of folks interested in visibility: How much data do I have? Where is it stored? Who has access to it? What is our current risk profile due to accessible data and our threat model? How can I protect the data? Are there any quick wins that we can do to significantly reduce risk? Perhaps we can delete sensitive data in our staging environment?
How can we protect our data by design? Are there ways for us to segment data by groups & roles? What technology is out there that allows us to enforce policy as data is being generated, moving across the network and in production?
In the end, I envision a "Data firewall" being created to merge those two paths and as an important milestone in this category.