As organizations aggregate and integrate information in greater volume and variety, protecting sensitive data has become a much more complex task. While the insights generated from pooling databases and mining reports can be immense, a keen eye should be kept on governance priorities to ensure innovation does not come at the expense of safety. To help root out potential vulnerabilities that can be exploited by opportunistic hackers, think tank director Andrew Serwin recommends a strategy that got its start in the Pentagon.

In an interview with CIO.com, Serwin described the Department of Defense-bred theory of Information Advantage. The term is defined by an agency's ability to derive a competitive advantage by leveraging information that their adversaries have been denied access to. In the business sense, that means using customer transaction histories to fuel marketing breakthroughs while simultaneously employing data security solutions which keep that information away from prying cybercriminals.

"This is not a technical problem. It's an information problem," Serwin told the news source. "In the private sector that means you want to make superior use of information within the company to reduce cyber risk, increase profit, reduce costs and protect against brand damage."

While the concept is relatively simple, it's application is anything but. As business models expand to incorporate a wider contingency of partners and stakeholders, companies can be compromised by weak links that lie outside of their four walls.

Legislating a solution
The first step toward protecting sensitive data involves a comprehensive review of how that information is gathered and processed. But while data governance is not necessarily a new idea, executives should be careful to note considerations beyond simply satisfying compliance.

According to Computerworld UK, data governance should be a topic of strategic importance inside corporate boardrooms. Instead of merely following code to avoid a breach, companies should be assessing the true value of their information and determining how well-informed policies and investments can accentuate that worth for business gains.

To get started on this path to Information Advantage, Serwin recommends a formal data classification scheme which prioritizes protection based on sensitivity. While communications regarding an office holiday party may not necessarily need the coverage of a data encryption solution, financial reports and strategic models certainly do.

Companies should not be locking down data to the detriment of functionality, however. As Serwin suggested, employees will need secure data exchange options to ensure a safe horizontal flow of information across the organization to derive full value from what has been collected.