As a chief information security officer (CISO), I have seen the problems that arise when organizations have data silos. Friction between teams crops up because it’s hard for one to access data belonging to another. Ownership fiefdoms emerge that lead to bickering or squabbles. There can be a death-by-a-thousand-cuts dynamic on your team, as the data silos significantly slow things down over time.
Chief Data Officers are grappling with this issue as well, as this recent analysis reveals, with 55% of respondents indicating they have over 1,000 data sources active in their enterprise, and 50% reporting that they will use five or more management tools in 2023. These are clear indicators of the prevalence of data silos. In this analysis, I will discuss the risks presented by data silos and provide actionable steps that security and technology leaders can take to address them.
What is a Data Silo?
Data silos occur when different departments or teams across an organization store and manage their data separately without a centralized system for sharing and accessing information. Initially, this segmentation aligns with principles such as least privilege and access control. Especially in a cybersecurity context, this thinking is quite natural, almost expected.
This approach may seem like an excellent way to secure sensitive information, but it can create more problems than it solves. Data-sharing needs may not be evident to the individual teams, but they will become apparent when a security strategy must address strategic questions such as:
- “If a threat were to occur, how would we know about it?”
- “How would we respond to the threat?”
- “How could we be sure we handled everything?”
Risks Involved with Data Silos
I’d like to present the three primary risks from my perspective that come along with maintaining a highly siloed data structure, then recommend actionable ways that security and tech leaders should address them.
Risk #1: Lack of Visibility into Security Posture
Data silos can make it difficult for security teams to communicate with one another or collaborate. That lack of coordination between groups makes it harder to get insights about your security posture that require analysis across multiple sources. For example, cybersecurity teams often need to analyze compliance artifacts alongside logs and vulnerability data. Such data will often live in three, if not more, locations, which is a clear-cut example of the complexity introduced by data silos. When someone can look across these different data sets, compelling insight can be gleaned. Otherwise, the silos result in blind spots.
Risk #2: Inefficiencies in Incident Response
Data silos can slow response time, making it more difficult for teams to contain and resolve a security breach. If logs or other artifacts relevant to the incident exist in many places, the response team will inevitably spend precious time tracking down and coordinating access instead of digging in and doing the work of containment and service restoration. Transparency and being upfront are vital in incident response situations.
Risk #3: Lack of Collaboration
Data silos can lead to a lack of collaboration between different departments and teams. In high-pressure situations such as the disclosure of a vulnerability like Log4Shell, compliance, security operations, and engineering teams would be prime candidates to collaborate to resolve issues or mitigate impact.
A system containing data silos could be perfectly compliant yet still be vulnerable. The compliance and engineering teams may have dependency-level data that operations can’t leverage to identify whether a system is vulnerable and if they need to allocate resources to support incident management or investigation. More tactically, having data silos can result in duplication of effort, missed opportunities, and a lack of trust. All of those outcomes are detrimental to any team or group dynamic.
3 Actionable Steps to Break Down Silos
Step #1: Create a Data Inventory
Start breaking down silos by understanding who has, uses, and needs your data. That should ideally break down by team. It doesn’t have to be complicated; take an hour or two with your team and create a list or a spreadsheet just to get started. Don’t let perfect get in the way of progress. With an understanding of all your data and potential needs, you’ll have a place to begin sorting out where your points of convergence lie.
Step #2: Consolidate Data Sources
With an understanding of the needs and what data exists, leaders can begin to think like an architect — looking for opportunities to consolidate multiple disparate data sources into more centralized locations. This is a good opportunity to engage the leadership team in your organization to strategize and brainstorm.
Consultants may help, but I caution against outsourcing your thinking. Consolidating doesn’t automatically mean pushing for traditional security information and event management (SIEM) solutions for everything. That may create other problems in terms of cost, scale, and ongoing maintenance. Instead, more solutions are being developed and released all the time that bring the power of data lakes and collaborative data environments into the cybersecurity field.
The important thing here is to pursue this work with an ideal end state in mind.
Step #3: Upskill People
Leaders can improve communication and collaboration by creating cross-functional security teams and investing in training and education programs. I recommend background on the data tools, data visualization techniques, and cross-pollination of skills across team members. A matrix-style team can help directly combat the silos that emerge from overly hierarchical organization structures.
Conclusion
Storing data in a specific location, away from others, often seems like the right decision at the time it happens. It’s in the name of data security and access control. However, data silos can lead to significant risks in cybersecurity, most notably the lack of visibility that can emerge from only seeing a small part of the picture at any given time. Leaders can take action to address these problems by understanding the data landscape and consolidating where possible.
It’s important to note that security properties around access control, for example, shouldn’t get thrown away. Those security properties need to be documented and carried over into the new way of doing things. They shift into being applied in a new way at a new layer in the technology stack. By taking these steps to break down data silos, leaders can lay the groundwork for a more secure and efficient cybersecurity posture for their organizations.