Strengthening Your Data Exposure Posture: A Unified Approach for Business Resilience

In today's digital age, data exposure is an all-too-common challenge for businesses, with regular media broadcasts of the latest victim to have been held to ransom. Data security becomes a paramount concern for organisations worldwide. As businesses grapple with the complexities of safeguarding their valuable data, the role of the security team has evolved into that of a strategic enabler for operational resilience, business performance, and societal good.

Recent insights from Fortanix, in partnership with Enterprise Strategy Group, shed light on the prevailing challenges and opportunities in the realm of data security. Encryption emerges as a pervasive and essential tool in mitigating data breaches, with a notable focus on post-quantum encryption technologies to future-proof data protection strategies. However, despite the growing adoption of encryption, data breaches remain a prevalent issue, highlighting the inadequacy of perimeter-based security measures.

The distinction between sensitive data and data loss is crucial, with organizations facing significant repercussions from both internal and external threats. In the research, 46% of businesses thought they had, or might have had, a loss of sensitive data, with over 75% of those companies recognizing the loss happened on more than 1 occasion within a year period. 

Ransomware attacks, unauthorized access, and data theft pose severe risks to brand integrity, business performance, and customer trust. The Carphone Warehouse incident [source] serves as a poignant example, underscoring the far-reaching consequences of lax data security measures. 

For those that aren’t familiar with the example, Dixons Carphone (merger of Dixons and Carphone Warehouse) supplied consumer electronics and mobile contracts.  In July 2017, hackers gained unauthorised access to about 10 million personal records and almost 6 million payment cards, affecting almost 14 million customers.  How did this happen?  Within the UK, malicious software was installed on over 5000 tills, leading to significant personal data was stolen, and a £500k fine enforced. 

However, outside of the financial impact, customer trust was so badly damaged, 100 Carphone Warehouse stores were closed within a year, dissolving the Carphone Warehouse brand in 2020 – a true case of customers voting with their feet!  Dixons was permanently rebranded to Currys in 2021, trying to alter perception from customers of the tainted reputation.  

To address the challenges faced by security teams, 71% companies confirmed they are increasingly turning to comprehensive cryptographic programmes and cross-functional teams with members from Security, Compliance, Network, the Business Units, Legal, DevOps, IT Ops and AppDev, to bolster their security posture. The emergence of Chief Risk Officers and Chief Data Officers reflects the growing recognition of cybersecurity as a strategic imperative at the highest levels of organisational leadership.

Market forces, such as the complexity of infrastructure and the proliferation of cloud computing, drive the need for a more strategic approach to data security. As data moves to the cloud, organisations grapple with the intricacies of managing and securing data across multi-cloud environments. Currently our research showed 51% companies store sensitive data in the cloud, but this is set to increase to 68% in the coming 2 years.  Compliance with regulatory standards further complicates the landscape, necessitating robust data exposure management strategies.

Looking to the future, the advent of quantum computing and post quantum cryptography poses unprecedented challenges to traditional encryption methods. 51% of organisations surveyed confirmed PQC solutions were actively being tested or deployed in a production environment.  Despite timeframes still being predicted and unclear, organizations must proactively invest in quantum-safe encryption technologies to mitigate future risks effectively. However, the shortage of skilled cybersecurity professionals compounds the challenge, underscoring the importance of unified security solutions that streamline operations and maximize efficiency. 

Fortanix enables businesses to work through a Discovery, Assessment, Planning and Execution, cycle to ensure the highest standard of security posture along their path to PQC standards, all through a single pane of glass with role-based access - whether on prem, cloud or hybrid environments.

The introduction of Key Insight at Fortanix further enhances visibility and remediation capabilities, enabling organisations to stay one step ahead of emerging threats.

In conclusion, security must be viewed not as a hindrance but as a business enabler. A unified, data-first approach to security not only strengthens an organisation's resilience but also unlocks new opportunities for growth and innovation. By embracing Confidential Computing and quantum-ready encryption algorithms, organisations can safeguard their data today while preparing for the challenges of tomorrow. As we navigate the ever-evolving data security landscape, collaboration, innovation, and strategic investment will be key to ensuring a secure and prosperous future.

About the Author

Andrew joined Fortanix in November 2023, and is the EMEA Partner Director, managing relationships with our CSP, MSPs and GSIs across the region.  Andrew is responsible for building the EMEA Partner Ecosystem, ensuring the enablement of conversations in the marketplace around security as a business driver for customer success.  Through the development of joint value propositions, Andrew works with partners to identify market and customer requirements, across a number of industries. 

Andrew has been working within in the Network and Security markets for over two decades, managing relationships and delivering services with channel, reseller, systems integrators, CSP and MSP partners. Most recently Andrew worked for VMware, and previously Colt and Virgin Media.