Not a single company today doubts the importance of cyber security. However, a good strategy is not possible without considering your most important asset: data. Many organizations install a generic security solution hoping that their data is adequately protected. A data-first approach reverses the order and starts with the data as the basis for a security policy.

More digital applications mean more data. With the advent of 5G and IoT, a world of new opportunities is opening up for businesses. A good example is the manufacturing industry, where sensors and machines are connected en masse to the internet. Of course, this also entails risks that should not be ignored. Anything you connect and bring online immediately becomes a potential gateway for hackers. And these hackers only want one thing: your data.

First the data, then a solution

So it’s no longer enough to choose a firewall or antivirus based on a sales pitch or a friendly recommendation. A cybersecurity tool can be effective in most scenarios, but it doesn’t mean that this tool will automatically provide the right solution for your data. Unfortunately, it is also not possible to 100% protect your organization from a cyber attack. Human errors are easy to commit and even AI-based cybersecurity solutions are vulnerable as they are set up by humans. Cybersecurity is therefore better started with the following question: Which data do you absolutely not want to lose?

A lot of data circulates through an organization, but the level of importance varies widely. Of course, information about the weekly menu in the canteen is much less interesting for a hacker than the personal or financial data of customers. Business consequences can also vary if specific systems are compromised. When your manufacturing company has to reset a critical machine, the lost revenue can run into the millions.

Data classification means that you classify data at different levels in your organization. What is important to keep your business running? Which information should you optimally protect in the context of regulation and compliance? The next step is to choose one or more physical locations to store your data (on-premises or in the cloud) and assess the implications for your security strategy. Only after you have established a solid foundation can you assess which security tools best suit your scenario.

No time, no knowledge, no money

It all sounds pretty logical, but many companies still struggle to adopt such a data-first approach. Data classification takes time, which is why a ready-made cybersecurity solution often sounds very attractive. Another problem is the budget. Few board members have knowledge and experience related to cybersecurity, so that person cannot properly assess how much budget is really needed to operate from a data-first approach. And while more money is now pouring into security, it has never been a top priority in recent years.

If a budget is then released, the next question is whether IT has sufficient knowledge and motivation. Cybersecurity is a profession in its own right and data classification is a less attractive task than, for example, cloud and DevOps projects. On the other hand, hackers are also better organized and the range of possible attacks is increasing every day. Nobody can know everything and there is no IT professional who can do everything himself. If you are not busy building an architecture for the security of your data on a daily basis, it is wiser to seek the help of experts.

Rely on the security ecosystem

Nobody has all the pieces of the puzzle. It is therefore important that you can rely on a strong ecosystem of specialists, each with their own expertise to help protect your environment and your data in the best possible way. Because of this ecosystem, exchanges like Cybersec Europe of vital importance.

The largest cybersecurity event in the Benelux brings together professionals from different parts of the cycle to share knowledge and ideas. Digital Realty is also represented at Cybersec Europe as part of this broad ecosystem. After all, the company sees many security solutions deployed in its data centers, so it knows exactly which solutions work well in specific circumstances. Additionally, as a data center services provider, Digital Realty can offer advice on how to get started with data classification and adopt a data-first approach.

This is a submitted post by Erwin uit de Bos, Solution Architect at Digital Realty Digital Realty is one of more than 130 exhibitors at Cybersec Europe 2023 this year. The company states: “Do you want an independent second opinion on which security solutions you should choose for your data center? Or would you like to learn more about a data-first approach and how it relates to the solutions of the other players in the broader cybersecurity ecosystem? Then be sure to visit stand 07.B072.”