Data risk intelligence is changing the cybersecurity game

Public sector organisations handle great volumes of sensitive data, which has increasingly become digital. These range from financial to health information for each citizen.

As the digital landscape grows, the threats to data security have also increased – with 93 per cent of enterprises reporting an increase in threats in 2024 compared to the previous year, according to  Thales’ 2024 Data Threat Report.

To mitigate these risks, it is essential for organisations to have an effective identification solution that addresses data risks wherever they reside.

Thales’ Chief Solutions Architect (Asia Pacific & Japan) for Data and Application Security, Daniel Toh, shared how the latest Data Risk Intelligence (DRI) solution empowers public sector organisations with precision and actionable insights to protect critical data and remain future proof.

First step is visibility

Organisations cannot tackle data risks without visualising them first, Toh noted.

Thales’ DRI is the first joint solution with Imperva Data Security Fabric (DSF) that combines posture and behaviour-based data risk indicators to achieve unified visibility of risks and data across the entire estate.

“By simplifying the complexities of modern data environments, organisations can gain clearer insights, deliver highly qualified risk scores, and implement recommended protective measures,” said Toh.

The solution enables security teams to reduce reliance on multiple tools and vendors by centralising risk visibility across separate environments. This allows for more efficient asset evaluation and facilitates risk management across large attack surfaces.

Toh added that this comprehensive understanding of data risks empowers organisations to allocate resources more effectively and target protection efforts where they are most needed.

Visibility also provides organisations with proactive rather than reactive measures.

This means that the DRI can prioritise threats based on their impact and anticipate risks to provide actionable insights for security teams to manage them before they escalate, Toh added.

To subscribe to the GovInsider bulletin click here.

Broad solutions for broad concerns

Government agencies have progressively embraced digitalisation to increase transparency and improve public service, and this move requires a comprehensive cybersecurity posture that tends to the specific needs of public organisations.

Adopting effective solutions to protect data while meeting unique requirements and regulatory compliance needs are among the main challenges organisations face when they transform digitally, which calls for customisable solutions, said Toh.

He added that the collaboration between Thales and Imperva provides a broader portfolio of solutions that addresses the diverse requirements of the public sector – from agencies in defence and intelligence to law enforcement.

Data security measures like data masking and tokenisation, for example, are combined with encryption and key management capabilities to create a robust defence-in-depth strategy for government data, Toh noted.

This encryption integration leverages the capabilities of the CipherTrust Data Security Platform solution, which enables organisations to secure data at all levels and accelerate their time to compliance, he added.

Additionally, government agencies must adopt strategies that ensure agility and resilience against present and future threats, such as “harvest now, decrypt later” attacks where information is stored today to decrypt them when quantum computers are available.

Such attacks are already happening, noted Toh, and when delicate information is shared over messages or phone calls, it is important to plan a transition to post-quantum cryptography (PQC).

He added that Thales was integrating PQC into their portfolios to guarantee future-proof solutions that can address the security challenges of tomorrow.

With broad cybersecurity measures, government agencies can ensure the protection of critical data and meet regulatory compliances more seamlessly, Toh said.

The keys to data protection

Among the benefits of the DRI solution is the capacity to increase the agility of organisations by obtaining precise risk scores and making confident decisions for data protection.

The DRI combines risk intelligence from Data Security Fabric and the CipherTrust Data Security Platform to identify the encryption status of data sources and offer recommendations to achieve successful encryption for enhanced data security.

Organisations are also able to “tailor risk indicators to their specific environment to highlight the most critical threats,” Toh said.

As more public agencies go digital, ensuring data sovereignty when adopting third-party solutions is an important issue to take note of.

Toh shared that a focus area for future innovation is the localisation of cloud Software-as-a-Service (SaaS) solution to “ensure government agencies can meet regulatory and data residency requirements while leveraging advanced cybersecurity capabilities.”

Strong data governance structures must also include Identity and Access Management (IAM), such as multi-factor authentication and end-to-end privileged access management to strengthen data security, which is included in the Application Security (AppSec) portfolio.

“With the full integration of Imperva into Thales, we will continue to drive innovation and investment in R&D to address the evolving cybersecurity needs of governments and the public sector,” Toh added.