Investing in Information Security for the Digital Universe

Categories: Advanced Security

IDC has just released an important new study by John Gantz and David Reinsel on The Digital Universe in 2020 that includes an important discussion of the security and privacy implications for the explosion of data in the digital universe. As the report calls out, “The rise in mobility and participation in social networks, the increasing willingness to share more and more data, new technology that captures more data about data, and the growing business around Big Data all have at least one assured outcome — the need for information security.” (page 11)

The report details several important findings related to information security in the digital universe, including that “only about half the information that needs protection has protection.” That finding is represented in this graphic from the report.


This is clearly a huge amount of information that needs to be protected. And the report projects that this gap will increase: the gap between protected and unprotected information “may improve slightly by 2020, as some of the better-secured information categories will grow faster than the digital universe itself, but it still means that the amount of unprotected data will grow by a factor of 26.” That’s a huge amount of information to protect. As organizations look at how to protect this information, what does this explosion of data say about where they should be making their security investments?

This is a topic that Branden Williams and I spoke about at RSA Conference China 2012 in our session called “The Pillar of Trust: Where Big Data Meets Security”. I also touched on this in my blog on “Security strategy and big data”. We believe that the most important implication is that organizations have to make investments that will enable them to establish an effective technology-enabled security process, rather than investing willy-nilly in security tools. This process should focus on security governance, risk management, operations and incident management, such as in the diagram below.


Especially when faced with daunting challenges like the explosion of information in the digital universe, it is difficult not to take an approach of “ready, fire, aim!” But establishing a well-governed security process is the best investment for getting ahead of the security and privacy challenges that Gantz and Reinsel discuss. Support that process with effective technologies like GRC capabilities, incident management and comprehensive analytics. Invest in cooperation with other organizations to share security intelligence. It’s these kinds of high-leverage investments that provide the kind of pro-active security that will make your digital universe safe and secure.

Bob Griffin

Bob Griffin is Chief Security Architect at RSA, the Security Division of EMC, where he is responsible for technical architecture, standards and strategy, particularly for RSA’s data security products. He represents EMC to several standards organization, including as co-chair of the OASIS Key Management Interoperability Protocol (KMIP) technical committee. Bob has extensive experience in security strategy, corporate governance, business process transformation and software development. He has had the primary architectural responsibility for a number of production systems environments and for major software engineering projects at RSA, Entrust and Digital Equipment Corporation,. He is a frequently requested speaker for professional and industry conferences and has instructed courses within both professional and university settings.