Organisations around the world are struggling with data sprawl and data visibility while meeting industry and government regulations. As more companies optimise their business models and analyse ever-growing volumes of data, the challenge has become even bigger.
Quorum Cyber and Microsoft joined forces to present a strategic webinar focused on data security on 16th October. In an interactive session with attendees, Quorum Cyber’s Data Security Solutions Director Leon Butler and Head of Advisory John Dellinger, Microsoft’s Global Customer Security Advisor Mikhail Falkovich, and the AA’s Head of Cyber Security Mark Vodden, answered any burning questions from the audience.
“If you implement Copilot, it is one way to tenant your data and make sure that data does not leave your organisation readily,” said Mikhail Falkovich. “Companies shouldn’t overshare information internally. Adversaries are going after your data, and they’re going to use your data to their advantage and to your harm. So having control over your data domain becomes more and more important. Data governance and data security are important, with or without AI. Within Purview there’s tremendous potential to get a handle on your data domain and drive good behaviour, good security posture, and good business outcomes.”
Whose data is it anyway?
Leon Butler emphasised that identifying who’s responsible and accountable for data within the organisation is a journey. “IT and security typically provide the platforms to process and use data, but they don’t own it,” he said. “The owners and controllers of this information sit in the business. So, it’s your finance, your people teams, your legal, your operations teams. They’re the ones that own the data. They’re the ones that can tell you it’s sensitive or not. “
He added that “winning the hearts and minds of the business is a critical step to understanding the scale of your data security risks and the steps you need to remediate them. Ultimately, legislation, regulation, contractual obligations, business requirements, all of this will come from the business.”
Leon also warned listeners to avoid trying to do everything everywhere all at once. “Switching everything on all at once will end in tears. Data security and information governance is a journey. It’s really important that it’s a program of work, not a project.”
Data security and governance is a journey
Mark Vodden spoke on before of a customer’s perspective. He explained that organisations need to consider their approach to data management of data, their investment in IT, and their own B2B partners who are very interested in how the AA handles its customer data as well as its own data.
“Our Quorum Cyber journey was very much around a trusted partnership and that is something that we we’ve put a lot of emphasis on and has worked well for us on both sides.”
Mark stressed that the AA doesn’t have the capacity or capability internally to manage data security and governance on its own. But it’ a significant challenge because the business has 50 million records of personally identifiable information (PII) on its network. “So, it’s a very important thing to get right and select the right partner,” he added.
He repeated that data security and governance is a journey. “The business and the enablement of business as well as the protection of business is a very key part of that journey. Being able to bring them as data owners along the way with us to implement it is very, very important.”
In Mark’s view, data visibility is also very important in the worst-case scenario of a cyber security incident. Investigators need to quickly understand what data they’re dealing with.
Watch the webinar
You can watch the full 45-minute webinar, Data Everywhere, Control Nowhere, which includes a demonstration on data sensitivity labelling and protecting data in different layers of security, for free.
Leon Butler has also written a 10-step guide called The Data Governance Playbook which is designed to outline the key actions needed for secure, compliant, and confident data management. It’s packed with practical advice and tips on how to begin your data governance journey and avoid common pitfalls along the way.
These resources are a part of Quorum Cyber’s Data Dilemma Series, where we’ll explore the challenges organisations face, provide practical insights from real-world experiences, and guide you on building a scalable, secure data governance strategy. Keep an eye out for upcoming events in the series.
