Some departments within companies can be secretive about their data. They don’t always like to keep other departments in the loop, and they might cite data security or legal risks when asked to provide information. While it may be true in some cases that fewer people being able to access data is a net security benefit, being secretive can also create data or operational silos.
Sometimes, a silo may form even if the department isn’t being intentionally opaque. If every department in your company is storing data in a way that is most convenient for its users rather than according to a company-wide convention, others may have duplicate information, missing data, or other inconsistencies.
Whatever the issue, the data silo can create communication and strategy problems over time. Instead, implement data storage standards for your company so that all departments and users are sharing data in a secure database.
The Complex IT/Security Environment
A silo occurs when one department or business within an organization does not appropriately share its data. The department may be storing its data in a folder that isn’t accessible to other departments, or it could be updating a shared database infrequently while keeping most information in a separate place.
This could be intentional, but in many cases the data silo forms due to a lack of communication or technological glitch. You could create a data silo just by forgetting to synchronize your device to the company cloud storage for several days. By the time someone notices, your copies of documents could be completely different from the public copy.
Many teams or departments within an organization may have different security responsibilities. IT, for example, focuses on ensuring that devices are integrated into the security environment, addresses tech issues, and implements security solutions for the company. A security department has some overlap here, but it may be more responsible for physical security or employee access and less focused on proper data storage.
Some organizations may have good interdepartmental communication, but they have a security environment that has multiple systems and multiple storage locations. Alternatively, individuals or departments responsible for risk management and security may be using different methods to track each problem, which makes it more difficult to integrate the data. A Hyperproof survey indicates that companies with integration problems and silos have a higher risk of a security incident.
The Security Risks of Silos
Despite a whopping 93% of survey respondents feeling that they had done well with their risk assessments, 39% of the respondents report struggling to find that risk assessment information when they need it. Having data is great, but it does you no good if you can’t access it later. Having a data silo can also interfere with departments’ ability to make progress on improving security as they may redo tasks or not complete other tasks based on assumptions (that no one has done it or that someone else will eventually, respectively). If IT is operating without sufficient communication with security, for example, files may end up stored incorrectly or miscategorized, leading to problems down the line when no one knows where the data are or what relevant information might have been in the risk assessment.
According to the survey, 90% of companies organized their data in silos, which frequently resulted in a poorly integrated approach to security. This creates more difficulties managing risks, and it could lead to a data breach or even a physical breach, wherein an unauthorized person enters the building to cause harm. This would be more challenging with an integrated approach as IT might receive an alert related to that person and could then advise security to prevent that person from entering the premises. Data silos do not cultivate effective cross-department communication.
The survey indicated that many companies struggled to take a proactive approach to online security and instead relied on reacting to alerts or incidents, which led to 61% of these companies experiencing a breach. For those companies that were somewhat proactive but had siloed departments, 46% experienced a breach. In contrast, only 30% of companies who implemented automated security tools and whose departments were successfully integrated and communicative experienced a breach. This is below the 45% U.S. average and 64% global average.
Designing Effective Data Security
To secure databases and other corporate assets against attack, you need to eliminate your silos. Encourage departments to share data and communicate when alerts pop up, and allow both IT and security departments to receive the same information. This can be accomplished with a centralized platform for all departments.
Sharing data can help you minimize the risk of insider threats, and automated systems monitoring can alert IT and security whenever there is suspicious activity. These alerts will be linked to the ID of the person attempting to gain access, enabling both departments to monitor that person for further suspicious activity. This will also facilitate faster breach detection. Similarly, it is a good idea to log physical access and share that with all relevant departments.
By improving the flow of information within your organization, you can decrease your risk of compromised security. Although data silos can form easily, taking proactive and deliberate action to improve communication can break them up and enable your departments to respond quickly to problems, accurately assess risk, and effectively monitor your security environment.