The Rise of the Data Security Scientist
A new breed of data scientist -- professionals focused on protecting data -- is emerging. Here's what the role entails and why the position may be a good addition to your IT team.
- By Mark Cassetta
- July 22, 2019
All organizations are awash with data. As they've explored managing, analyzing, and measuring their data, a new class of professional has arisen: the data scientist. Often a critical member of the business, a data scientist is responsible for developing a full understanding of the data the enterprise creates and consumes daily. Moreover, a data scientist's work can fuel corporate strategy for effectively managing and analyzing this data to support business decisions.
The work data scientists do every day has become integral to ensuring enterprises remain competitive in crowded marketplaces and are successful in their critical corporate projects (including digital transformations). It can't be ignored -- data scientists are disrupting business processes and decisions in the best possible ways.
Bringing Data Science to Security
Part of my role requires conversations with corporations of all sizes about how to accelerate adoption of data protection strategies that work for them. In these conversations I've seen a trend emerge -- the inclusion of the data scientist. This underscores a broader trend within IT toward a convergence of data management and data security.
Including data scientists in security decisions has the potential to bring long-overdue disruption to IT security departments. After all, if data scientists can use data to improve business decisions, can't they do the same for security decisions?
The answer is yes and no. Data science can bring much-needed disruption to IT security decisions, but it must be combined with expertise in other facets of security, including network security, identity and access management, and data protection.
The role of data security scientist mirrors that of a data scientist with one key difference: a laser focus on assessing whether an organization is protecting its most valuable data efficiently and according to regulations or industry standards. Like a data scientist, a data security scientist also looks at the complete life cycle of organizational data -- but with a trained, critical eye to security implications at every turn.
This is a critical view that doesn't exist in every corporation. Data scientists are focused on managing and analyzing data. IT security professionals are focused on implementing security measures across the IT stack. A data security scientist asks and answers critical questions about how security policies are implemented as an organization's data is created, managed, shared, and stored. Questions might include:
- What systems or solutions touch corporate data and how do they work together?
- What sensitive data does the enterprise work with?
- Where does the organization store that sensitive data and what protections are applied to this data?
- How does the organization manage moving data, such as data transferred to the cloud? Do data protection policies and solutions stay intact throughout this migration?
Empowering Data Security Scientists with New Technology
The biggest obstacle facing data security scientists is the same as the obstacle facing data scientists -- the sheer volume of data organizations create and consume daily. By 2025, IDC predicts the collective sum of the world's data will grow to 175 zettabytes, a compounded annual growth rate of 61 percent. An individual or team of professionals would be hard pressed to consistently and accurately analyze and ensure the security of this much data without assistance.
As organizations gauge the effectiveness of adding data science professionals to their IT practice, it will be essential for these resources to leverage new technologies to maintain a consistent and accurate view of the efficacy of organizational data security policies. Specifically, data security scientists will want to implement machine learning capabilities to keep pace as data creation and consumption continue to expand.
Data scientists and data professionals have long embraced the use of machine learning capabilities to manage and analyze organizational data with great success. For data security scientists, leveraging machine learning can provide a deeper level of understanding about what data an organization has, how valuable and sensitive it is, and where it is shared and stored.
Specifically, data security scientists can train machine learning algorithms to help users identify and label data as they create documents and send email. Based on this categorization, a machine learning tool then instructs the user how to handle the data according to internal policies and other regulations (think the General Data Protection Regulation or California Consumer Privacy Act).
In short, machine learning capabilities offer context to data as it is created without burdening end users. This context will, in turn, help data security scientists conduct better and more accurate analyses as to how organizational data is secured throughout its life cycle.
As is the case for any other discipline, it will be critical for IT security to develop and deploy strategies that leverage an organization's most valuable asset -- its data. Adding a data security scientist will be a key step in the right direction.
Mark Cassetta, senior vice president of strategy at Titus, oversees the product life cycle from concept to implementation. He is passionate about customer advocacy and developing long-term partnerships with our global customers. Since joining TITUS in 2012, he has held positions in marketing, business development, and corporate strategy. Mark has over a decade of experience across application development and enterprise software, managing projects within large-scale technology transformations. Prior to joining TITUS, Mark was a senior technology consultant at Accenture, managing projects within large-scale technology transformations. He holds a bachelor of commerce degree from the University of Ottawa.