Have data become the new endpoint? That is, if we've seen security move from concentration on protecting the network to concentration on protecting the endpoint, is the defensive center of gravity now shifting to protecting the data? A panel moderated by Todd Barnum (CISO, GoPro) and including Mike Fleck (VP Security, Covata), Friedrich Wetschnig (VP & CISO, Flex), Greg Crabb (VP & CISO, US Postal Service), and Matt Hollcraft (Chief Cyber Risk Officer, Maxim Integrated) considered the question.
In general they saw this as the coming wave. Crabb offered a moderately encouraging perspective based on US Postal Service outsourcing experience, in which considerable care was taken to circumscribe how data might be accessed and used. The cloud will play a role here, but in at least some of the panelists' view, a role that, while substantial, will remain partial. Wetschnig said, for one, "We're not 100% in the cloud, and never will be."
Fleck thought that solutions to protect data that are currently widely deployed tend to be less effective. "There's a gap in practicality: figuring out how to deploy effective solutions at scale." Hollcraft would like to see the basics covered in the vendor space, but vendors' solutions will need to become more agile, quicker to deploy, and less static than they now tend to be.
Part of the challenge of protecting data is communicating the necessity of doing so to an enterprise's leaders. Here's one good thing, the panel thought, to be said about regulation. As Fleck put it, "Communicating a compliance obligation is easy. Compliance drives behavior and it drives budget." He doubted that any organization would ever succeed in becoming GDPR compliant. "It's aspirational. But it has prompted some good behaviors for the business: understanding my data, where it is, etc." Data are becoming infrastructure.