Adopting a data protection focus begins with understanding that the focus or risk management should include a greater focus on data. Securing the data held in these services begins with the understanding that security and IT no longer have direct control over the location of the data, or how it is accessed; cloud based services and SaaS applications puts users in control of data.
Applying the CIA (Confidentiality, Integrity and Availability) rules to data is a good way to frame a data protection focus. Using the diagram – Data Protection Focus, consider how to protect the data stored and processed in the cloud based services when you have no means of controlling access to it or who uses it, when ‘too risky to allow’ isn’t an option. One way to resolve this problem is to work with business and technology peers to consider what data should be exposed through a risk vs. value governance process that balances corporate growth and efficiency with regulatory compliance.
What is evident is that protecting data is no longer a pure technology task; a data protection focus relies on governance and open business collaboration.